Windows Analysis Report
SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Analysis ID: 1393283
MD5: 095cb2ef9c61816f0f00562532b04e54
SHA1: e111d19f0e798ac0fcf06ef6047bc1139a44c045
SHA256: 79ca78f685ac8f3b6ca6d8edbbfd0227a171ebd7b461d1ab993b240c45b759a3
Tags: exe
Infos:

Detection

Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to detect sleep reduction / modifications
Detected VMProtect packer
Hides threads from debuggers
Machine Learning detection for sample
Sample is protected by VMProtect
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates files inside the system directory
Detected potential crypto function
Entry point lies outside standard sections
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection

Classification

  • System is w10x64
  • chrome.exe (PID: 7600 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://txz.qq.com/p?k=zf9HFO9edW8NQ5ZR*h8OHbclJ87PJCpe&f=21000124 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 7832 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1752,i,6384267855548143656,6449548652770198848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 1988 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3032 --field-trial-handle=1752,i,6384267855548143656,6449548652770198848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, ReversingLabs: Detection: 39%
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, Virustotal: Detection: 44%
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, Joe Sandbox ML: detected
Source: https://v.qq.com/thumbplayer-offline-log.html?max_age=3600, HTTP Parser: No favicon
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 104.98.116.138:443 -> 192.168.2.7:49736 version: TLS 1.0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, Code function: 1_2_00432160 FindFirstFileA, SendMessageA, SendMessageA, FindNextFileA, FindClose, SendMessageA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, Code function: 1_2_00494C1D __EH_prolog, GetFullPathNameA, lstrcpynA, GetVolumeInformationA, CharUpperA, FindFirstFileA, FindClose, lstrcpyA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, Code function: 1_2_0043B3A0 FindNextFileA, FindClose, FindFirstFileA, FindClose
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, Code function: 1_2_00443540 FindFirstFileA, FindClose
Source: Joe Sandbox View, IP Address: 129.226.107.134
Source: Joe Sandbox View, IP Address: 129.226.102.234
Source: Joe Sandbox View, IP Address: 203.205.136.80
Source: Joe Sandbox View, JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, Code function: 1_2_004733C0 InternetConnectA, HttpOpenRequestA, HttpSendRequestA, HttpQueryInfoA, InternetReadFile, InternetReadFile, InternetCloseHandle, InternetCloseHandle
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/js/chunk-vendors.e3b9a42f.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://im.qq.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/js/mobile.0d250445.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://im.qq.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/css/mobile.c220a045.css HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /library/latest/qqapi/qqapi.wk.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069896531&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1Accept: */*Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htmAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
Source: global trafficHTTP traffic detected: GET /qq-web/im.qq.com_new/e6f5fa0c/img/video-qq9-poster-mini.50cd77e7.png.webp HTTP/1.1Host: cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: im.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://im.qq.com/mobileqq/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=64fb0a5a1e6bde98b2cf602a7e28e948
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/qq9.03144aa7.svg HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/mobile.c220a045.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/qq9_introduce_poster.afa30316.jpg HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/mobile.c220a045.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /thumbplayer-offline-log.html?max_age=3600 HTTP/1.1Host: v.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /cache/wuji/object?appid=tenvideo_offline_log&schemaid=whileList&schemakey=d5dccc35902346b2bdcbcef774fefe99&include=encryptValue%2Ctype%2CerrorCode%2Crate&filter=projectId%3D%2270201%22&otype=jsonp&callback=offline_log1 HTTP/1.1Host: v.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sdk/4.5.16/beacon_web.min.js HTTP/1.1Host: beacon.cdn.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /index HTTP/1.1Host: im.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=64fb0a5a1e6bde98b2cf602a7e28e948
Source: global trafficHTTP traffic detected: GET /qq-web/im.qq.com_new/e6f5fa0c/img/video-qq9-poster-mini.50cd77e7.png.webp HTTP/1.1Host: cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069899531&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1Accept: */*Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htmAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
Source: global trafficHTTP traffic detected: GET /index/ HTTP/1.1Host: im.qq.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=64fb0a5a1e6bde98b2cf602a7e28e948
Source: global trafficHTTP traffic detected: GET /aegis/aegis-sdk/latest/aegis.min.js HTTP/1.1Host: cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"If-Modified-Since: Thu, 18 Jan 2024 04:18:18 GMTsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/css/pc.de353407.css HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/js/pc.5c234203.js HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://im.qq.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069902540&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1Accept: */*Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htmAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
Source: global trafficHTTP traffic detected: GET /collect/pv?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1Host: aegis.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://im.qq.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /collect/whitelist?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1Host: aegis.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://im.qq.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/scene-bg-x.6a1a9834.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/qq9.03144aa7.svg HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/qq9logo.2a076d03.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/phone.55b5179d.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/poster.712f34ab.jpg HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /thumbplayer-offline-log.html?max_age=3600 HTTP/1.1Host: v.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /web/im.qq.com/qq9_introduction_poster.jpg HTTP/1.1Host: static-res.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /web/im.qq.com/qq9_introduction_poster.jpg HTTP/1.1Host: static-res.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /collect/events?payload=%5B%7B%22name%22%3A%22QQ%E6%96%B0%E7%89%88%E5%AE%98%E7%BD%91%E9%A6%96%E9%A1%B5%E6%9B%9D%E5%85%89%22%2C%22ext1%22%3A%22%22%2C%22ext2%22%3A%22%22%2C%22ext3%22%3A%22%22%7D%5D&id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1Host: aegis.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://im.qq.comSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069905601&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1Accept: */*Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htmAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/qq9.03144aa7.svg HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/qq9logo.2a076d03.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/phone.55b5179d.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/poster.712f34ab.jpg HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/scene-bg-x.6a1a9834.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/page-1.9d39f9ad.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/page-2.f6af1bfb.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-yd.e89120ca.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-wz.c59f5aa3.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-gm.6afa3939.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /analytics/v2_upload?appkey=0AND0F8T5N4N7QT0 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
Source: global trafficHTTP traffic detected: GET /web/im.qq.com/qq9_1080.mp4 HTTP/1.1Host: static-res.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://im.qq.com/Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global trafficHTTP traffic detected: GET /web/im.qq.com/qq9-introduction.mp4 HTTP/1.1Host: static-res.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept-Encoding: identity;q=1, *;q=0sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: videoReferer: https://im.qq.com/Accept-Language: en-US,en;q=0.9Range: bytes=0-
Source: global trafficHTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-ql.44e6743e.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/ornament-10.fdbd43f2.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-xx.0c154e87.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/ornament-9.32e87ba4.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-jy.26b790ff.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-sd.a5b9101b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-me.8d49096f.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-1.25daaddf.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/bg.252a624b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://im.qq.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-2.47e8b6d6.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-yd.e89120ca.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-wz.c59f5aa3.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-gm.6afa3939.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
Source: global trafficHTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069920609&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1Accept: */*Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htmAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-3.13d69f7b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-4.4a2b7aa6.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-5.497658cf.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-6.7bfb07b7.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-ql.44e6743e.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-xx.0c154e87.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-7.814d1434.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-jy.26b790ff.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-8.c0d3424b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-1.25daaddf.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/role-sd.a5b9101b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-2.47e8b6d6.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/bg.252a624b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-9.348ed857.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-4.4a2b7aa6.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-10.de84dd3b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-11.1e3d5127.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-12.a1354ef0.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-13.5bb4e455.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /kv?attaid=05700050920&token=3619167286&topUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&pageUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&domain=im.qq.com&channel=0&from=2&version=1.15.2&platform=&kernel=origin&_dc=0.5179496214337087 HTTP/1.1Host: h.trace.qq.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/user-profile.a6a93e4d.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1Host: otheve.beacon.qq.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-3.13d69f7b.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-6.7bfb07b7.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/room-7.814d1434.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET //im.qq.com_new/7bce6d6d/asset/favicon.ico HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/page-1.5a6a85fe.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069932675&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1Accept: */*Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htmAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/page-2.9a3b1afa.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/page-2.5d02382f.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /im.qq.com_new/de9c920b/img/page-3.88e518ac.png HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET //im.qq.com_new/7bce6d6d/asset/favicon.ico HTTP/1.1Host: qq-web.cdn-go.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069935674&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1Accept: */*Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htmAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
Source: global trafficHTTP traffic detected: GET /qzone/qzact/act/external/tiqq/logo.png HTTP/1.1Host: qzonestyle.gtimg.cnConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://im.qq.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069938667&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1Accept: */*Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htmAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
Source: global trafficHTTP traffic detected: GET /qzone/qzact/act/external/tiqq/logo.png HTTP/1.1Host: qzonestyle.gtimg.cnConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=0000000000000000000000000000000000000000A83DEAB4AE HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069983802&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1Accept: */*Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htmAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
Source: global trafficHTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069986807&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1Accept: */*Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htmAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
Source: global trafficHTTP traffic detected: GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069989816&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1Accept: */*Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htmAccept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: ssl.ptlogin2.qq.comConnection: Keep-AliveCookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
Source: global traffic
HTTP traffic detected: GET /cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm HTTP/1.1
Accept: */*
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: ui.ptlogin2.qq.com
Connection: Keep-Alive
Source: global traffic
HTTP traffic detected: GET /p?k=zf9HFO9edW8NQ5ZR*h8OHbclJ87PJCpe&f=21000124 HTTP/1.1
Host: txz.qq.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Source: global traffic
HTTP traffic detected: GET /index/ HTTP/1.1
Host: im.qq.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: tgw_l7_route=64fb0a5a1e6bde98b2cf602a7e28e948
Source: unknown
DNS traffic detected: queries for: ui.ptlogin2.qq.com
Source: unknown
HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
Host: accounts.google.com
Connection: keep-alive
Content-Length: 1
Origin: https://www.google.com
Content-Type: application/x-www-form-urlencoded
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: NID=511=nNadqW9uTcY0OP6I3afnr71o6EzaYLsdpW4UEYN3vYq_rbRrNFxM1jozPGuhjORBZKKMz2tdDpVe7dNuTWp4CyK-zt5Is6wVElveWAfKQgwNJiKKtXHCCCmrlgzZTl5CiKjTeA2iQqf6zlRK2h8wg1hVpIsWsaKqaWJyHMPF3JA
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Fri, 16 Feb 2024 07:43:00 GMT
Server: tencent-cos
x-cos-request-id: NjVjZjEyMDRfNjczNTJjMGJfMjEyYzRfNzk0MmY4ZQ==
x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWRlZDk5YzgyOTg0ZTg2ODA1ODFjOGY0MWFhYWFhOTdmZWZiMTE1MDY5YzA1ZGY5MzIyY2I1OTg3YjI4MDViMDI=
Content-Length: 511
X-NWS-LOG-UUID: 1295915586044575746
Connection: close
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Vary: User-Agent,Origin
Cache-Control: max-age=666
Is-Immutable-In-The-Future: false
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
Date: Fri, 16 Feb 2024 07:51:48 GMT
Content-Type: text/plain
Content-Length: 13
Connection: close
Server: openresty
X-Powered-By: Express
Access-Control-Allow-Origin: *
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3213626713.000000000BD33000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://global.captcha.gtimg.com
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3214717360.000000000BE09000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://global.captcha.gtimg.comGET_CAPTCHA_CONFIG_REQUEST_ERROR
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.2035352287.000000000D388000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3226469755.000000000D388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://global.captcha.gtimg.comt
Source: c_login_2[1].js0.1.drString found in binary or memory: https://huatuospeed.weiyun.com/cgi-bin/r.cgi?
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1593332154.000000000D1C2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1593295684.000000000D1C0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3222573227.000000000D1C3000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207489659.00000000043E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://huatuospeed.weiyun.com/cgi-bin/r.cgi?NatK
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1481238626.00000000040CE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596491878.000000000D224000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1511830340.000000000BC62000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596672539.000000000D22A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3223193319.000000000D230000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596809481.000000000D22E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596768788.000000000D22C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596452339.000000000D223000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596398918.000000000D221000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596642836.000000000D229000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1512022813.000000000BC64000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596601503.000000000D226000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1511792229.000000000BC61000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3212393934.000000000BC60000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 
00000001.00000003.1512138028.000000000BC66000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596844160.000000000D22F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596522095.000000000D225000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1511737035.000000000BC60000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596718299.000000000D22B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1511923133.000000000BC63000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1512101104.000000000BC65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://i.gtimg.cn/huatuo/sdk/huatuoping-sdk.min-0.1.js
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1481238626.00000000040A6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://id.qq.com/index.html#account
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.2035352287.000000000D388000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3226469755.000000000D388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://id.qq.com/index.html#accounteahttps://support.qq.com/products/14800a
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3212560186.000000000BC7C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3214577216.000000000BDEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://im.qq.com/index
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1484365493.00000000040DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://im.qq.com/mobile
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3214829247.000000000BE20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://im.qq.com/mobileqq
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3223960058.000000000D284000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://im.qq.com/mobileqq(
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207634829.00000000043F0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1481192889.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3213129379.000000000BCC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/-FB
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3214577216.000000000BDEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/20/images/c_icon_1.png
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1591962360.000000000D168000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3222015698.000000000D171000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1592197150.000000000D16A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1592095565.000000000D169000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1592304570.000000000D170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/20/images/c_icon_1.png:
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1481192889.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/20/images/c_icon_1.pngE.insertInlineCss
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3191564781.0000000000190000.00000004.00000010.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1480037688.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003998000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png...
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png=
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pngA
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3194925282.0000000000930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pngIE5
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pngM
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pngw
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/logo.png
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1480037688.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/onekey_tips.png
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/onekey_tips.png/
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/onekey_tips.png2d
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/onekey_tips.pngW
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/onekey_tips.pnga
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/onekey_tips.pnge
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1480037688.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/onekey_tips.pngs
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1480037688.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://imgcache.qq.com/ptlogin/v4/style/40/images/onekey_tips.pngt
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360713700.00000000039AA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360893014.00000000039F4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360494509.00000000039DD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360687228.00000000039EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360668344.0000000003A03000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360547866.00000000039D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360526055.00000000039F4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360713700.00000000039D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207397912.00000000043B0000.00000004.00000800.00020000.00000000.sdmp, login[1].htm.1.drString found in binary or memory: https://localhost.ptlogin2
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1593332154.000000000D1C2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509687562.000000000675A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000675A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3217239435.000000000C552000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1593295684.000000000D1C0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3222573227.000000000D1C3000.00000004.00000800.00020000.00000000.sdmp, c_login_2[1].js0.1.drString found in binary or memory: https://localhost.ptlogin2.
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207489659.00000000043DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://localhost.ptlogin2.ptui_qqprotect_querystatus_CB
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://localhost.ptlogin2.qq.com/
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003998000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://localhost.ptlogin2.qq.com:4301/pt_get_uins?callback=ptui_getuins_CB&r=0.6062235004893671&pt_
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://localhost.ptlogin2.qq.com:4303/pt_get_uins?callback=ptui_getuins_CB&r=0.6062235004893671&pt_
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://localhost.ptlogin2.qq.com:4305/pt_get_uins?callback=ptui_getuins_CB&r=0.6062235004893671&pt_
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1510509409.000000000C3E0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000065D9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3216558884.000000000C3B0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://localhost.ptlogin2.qq.com:4307/pt_get_uins?callback=ptui_getuins_CB&r=0.6062235004893671&pt_
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://localhost.ptlogin2.qq.com:4309/pt_get_uins?callback=ptui_getuins_CB&r=0.6062235004893671&pt_
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360713700.00000000039AA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360893014.00000000039F4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360494509.00000000039DD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360687228.00000000039EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360668344.0000000003A03000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360547866.00000000039D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360526055.00000000039F4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360713700.00000000039D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207397912.00000000043B0000.00000004.00000800.00020000.00000000.sdmp, login[1].htm.1.drString found in binary or memory: https://localhost.sec
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509897175.0000000006716000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://localhost.sec.qq.com/
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509897175.0000000006716000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://localhost.sec.qq.com/1
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596491878.000000000D224000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509687562.000000000675A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000675A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3206375891.0000000004024000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596672539.000000000D22A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3223193319.000000000D230000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596809481.000000000D22E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596768788.000000000D22C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596452339.000000000D223000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3217239435.000000000C552000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596398918.000000000D221000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596642836.000000000D229000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596601503.000000000D226000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596844160.000000000D22F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 
00000001.00000003.1596522095.000000000D225000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1596718299.000000000D22B000.00000004.00000800.00020000.00000000.sdmp, c_login_2[1].js0.1.drString found in binary or memory: https://localhost.sec.qq.com:
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509444818.00000000067AE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509863312.00000000067B5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3194925282.000000000094B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509897175.000000000672F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://localhost.sec.qq.com:16873/?cmd=101&service=1&action=undefined&timeout=5000&_tk=0.6974370274
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://localhost.sec.qq.com:9410/?cmd=101&service=1&action=undefined&timeout=5000&_tk=0.69743702743
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3194925282.0000000000930000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598123299.000000000D24C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509687562.000000000675A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598239465.000000000D253000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000675A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1597411690.000000000D249000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598191395.000000000D24F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3217239435.000000000C552000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3223495179.000000000D258000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598411134.000000000D257000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598060908.000000000D24B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598365305.000000000D256000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1481192889.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598287202.000000000D255000.00000004.00000800.00020000.00000000.sdmp, c_login_2[1].js0.1.drString found in binary or memory: https://pay.qq.com/qqvip/index.shtml?aid=vip.gongneng.other.red.dengluweb_wording2_open
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1523848309.000000000BCE6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1524915745.000000000BCEC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1524345151.000000000BCE9000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1524302918.000000000BCE8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1524953772.000000000BCED000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3213258182.000000000BCED000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1524460217.000000000BCEA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1525076994.000000000BCEE000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1524828698.000000000BCEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pay.qq.com/qqvip/index.shtml?aid=vip.gongneng.other.red.dengluweb_wording2_openbackground:
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000065D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.html...p/
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3198878516.00000000023C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.html...qq.com/ptqrshow?appid=21000124&e=2&l=M&s=3&d=72&v=
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.html140.js0px;
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3198878516.00000000023CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.html22action%22%3A%22resize%22%2C%22width%22%3A4932C%22he
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3216558884.000000000C3B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.html48.1N
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.html=
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3198878516.00000000023C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.html=1&ys=43T
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000675A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.htmlColorstr=#D8FFFFFF
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.htmlH
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000675A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.htmlag_ele.html...es/shouQ_v2/qr_tips.png...
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.htmlc
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.htmlg
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3214011274.000000000BDA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.htmlhttps://t.captcha.qq.com/template/drag_ele.html
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.2546496798.000000000D38B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.2576863106.000000000D38C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3226469755.000000000D388000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.2546563110.000000000D38C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.2576834517.000000000D38B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.htmlhttps://t.captcha.qq.com/template/drag_ele.htmld
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.htmll
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.htmlo
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.htmlp
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.com/template/drag_ele.htmlv
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.captcha.qq.comm
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3213904584.000000000BD80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://trpc-test.captcha.qq.com
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3214717360.000000000BE1A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://trpc-test.captcha.qq.com/tdx.js?app_data=6835480660924280832&t=1008091571?t=1629705586
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.2035352287.000000000D388000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3226469755.000000000D388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://trpc-test.captcha.qq.comNatKH$:
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3218665487.000000000CB84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479757456.0000000006747000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509518558.0000000006742000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.cBk
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479824242.0000000006714000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3194925282.0000000000909000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509612400.000000000C3E8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479757456.0000000006747000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509518558.0000000006742000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-b
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479757456.0000000006747000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509518558.0000000006742000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/login
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479757456.0000000006747000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509518558.0000000006742000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/login?app
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479757456.0000000006747000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509518558.0000000006742000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479757456.0000000006747000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509518558.0000000006742000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_ur
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479757456.0000000006747000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509518558.0000000006742000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerror
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479757456.0000000006747000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509518558.0000000006742000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509687562.000000000674F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.c
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509897175.000000000672F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/report?id=2732844
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509897175.000000000672F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/report?id=2732844.
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509897175.0000000006716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/report?id=27328447
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1543605858.000000000ADF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/report?id=2732844Q
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509897175.000000000672F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/report?id=2732844S
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003998000.00000004.00000020.00020000.00000000.sdmp, login[1].htm.1.drString found in binary or memory: https://ui.ptlogin2.qq.com/cgi-bin/report?id=301240
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1510465206.000000000C3DA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1510509409.000000000C3E0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3216558884.000000000C3B0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1543605858.000000000ADF8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cross_proxy.html
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3191564781.0000000000190000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cross_proxy.html#%7B%22action%22%3A%
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3191564781.0000000000190000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cross_proxy.html#%7B%22action%22%3A%22resize%2
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509518558.0000000006742000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cross_proxy.html#%7B%22action%22%3A%22resize%22%2C%22width%22%3A493%2C%22
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cross_proxy.html%7B%22action%22%3A%22resize%22%2C%22width%22%3A493%2C%22h
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cross_proxy.html...~
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3209816188.000000000ADF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cross_proxy.html0
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cross_proxy.htmlT
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003998000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cross_proxy.html_proxy.html.../index.htm&no_verifyimg=1&qlogin_jumpname=j
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3211874171.000000000BC20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cross_proxy.htmlhttps://ui.ptlogin2.qq.com/cross_proxy.html
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/cross_proxy.htmlss
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3216558884.000000000C3B0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3210255617.000000000AEB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/js/c_login_2.js?v=v1.48.1
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3216558884.000000000C3B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/js/c_login_2.js?v=v1.48.1I/m
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3216558884.000000000C3B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/js/c_login_2.js?v=v1.48.1X/
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3216558884.000000000C3B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/js/c_login_2.js?v=v1.48.1h
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3214920266.000000000BE42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/js/c_login_2.js?v=v1.48.1m
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000675A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/js/c_login_2.js?v=v1.48.1rence:1MStore
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207206901.0000000004210000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039ED000.00000004.00000020.00020000.00000000.sdmp, login[1].htm.1.drString found in binary or memory: https://ui.ptlogin2.qq.com/style.ssl/40
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3206375891.000000000401A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/style.ssl/40T
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1481192889.00000000040FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/style/
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3213129379.000000000BCC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/style/-area
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1481238626.00000000040CE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3213129379.000000000BCC8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207634829.00000000043F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/style/0/images/1.gif
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003998000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3209816188.000000000ADF0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1543605858.000000000ADF8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509897175.000000000672F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000065C6000.00000004.00000020.00020000.00000000.sdmp, login[1].htm.1.drString found in binary or memory: https://ui.ptlogin2.qq.com/style/0/images/load.gif
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509444818.00000000067AE000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509863312.00000000067B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/style/0/images/load.gif...
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000065C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/style/0/images/load.gif/n
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000065C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/style/0/images/load.gif4
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479888925.0000000003A49000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479824242.0000000006714000.00000004.00000020.00020000.00000000.sdmp, login[1].htm.1.drString found in binary or memory: https://ui.ptlogin2.qq.com/style/11/images/icon_24_c_3.png
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/style/11/images/icon_24_c_3.png...
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003998000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039C4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003A47000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479888925.0000000003A49000.00000004.00000020.00020000.00000000.sdmp, login[1].htm.1.drString found in binary or memory: https://ui.ptlogin2.qq.com/style/11/images/icon_3.png
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1523848309.000000000BCE6000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598123299.000000000D24C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1524915745.000000000BCEC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509687562.000000000675A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598239465.000000000D253000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1524345151.000000000BCE9000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1524302918.000000000BCE8000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000675A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1597411690.000000000D249000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598191395.000000000D24F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1524953772.000000000BCED000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3217239435.000000000C552000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3213258182.000000000BCED000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1524460217.000000000BCEA000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 
00000001.00000002.3223495179.000000000D258000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598411134.000000000D257000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598060908.000000000D24B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598365305.000000000D256000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1481192889.00000000040FB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1598287202.000000000D255000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1525076994.000000000BCEE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/style/34/images/icon_5.png)
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3213129379.000000000BCC0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1522781249.000000000BCC0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1522838396.000000000BCC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ui.ptlogin2.qq.com/style/https://ssl.captcha.qq.com/TCaptcha.js
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49962
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49961
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49960
Source: unknownNetwork traffic detected: HTTP traffic on port 50015 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50040 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49966 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49989 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49933 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50028 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49839
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49959
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49958
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49957
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49956
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49834
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49833
Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49954
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49953
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49952
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49951
Source: unknownNetwork traffic detected: HTTP traffic on port 49839 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49950
Source: unknownNetwork traffic detected: HTTP traffic on port 49944 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49910 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50051 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49949
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49948
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49824
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49945
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49944
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49943
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 49922 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 49945 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 50017 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49968 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50049 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50026 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49980 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49899
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49898
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49895
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49911 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49957 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49991 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
Source: unknownNetwork traffic detected: HTTP traffic on port 50038 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49881
Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50050 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49956 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50005 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49979 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49999
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49877
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49998
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49997
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49996
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49995
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49994
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49993
Source: unknownNetwork traffic detected: HTTP traffic on port 50016 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49991
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49990
Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50027 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49989
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49987
Source: unknownNetwork traffic detected: HTTP traffic on port 50013 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50036 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49929 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50025 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49964 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49999 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50007
Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50009
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50008
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 49952 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50000
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 49997 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49977 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50035 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49919 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49954 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50014 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49976 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50024 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49998 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49987 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49949 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50053
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50055
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49961 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49984 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50022 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50045 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49881 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49950 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49996 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49915 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50009 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50034 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49972 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49834 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49938 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50018
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50017
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49974 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50032 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50012
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50011
Source: unknownNetwork traffic detected: HTTP traffic on port 50055 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50014
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50013
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50016
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
Source: unknownNetwork traffic detected: HTTP traffic on port 49939 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00456CE0 GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,GlobalFree,EmptyClipboard,SetClipboardData,CloseClipboard,1_2_00456CE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00456E30 OpenClipboard,GetClipboardData,CloseClipboard,GlobalSize,GlobalLock,GlobalUnlock,CloseClipboard,1_2_00456E30
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_004993D1 GetKeyState,GetKeyState,GetKeyState,GetKeyState,1_2_004993D1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00455540 GetKeyState,GetKeyState,GetKeyState,CopyRect,1_2_00455540
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_004436F0 GetKeyState,GetKeyState,GetKeyState,GetKeyState,1_2_004436F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_004977D5 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,1_2_004977D5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00441AB0 IsWindowEnabled,TranslateAcceleratorA,IsChild,GetFocus,PostMessageA,PostMessageA,SendMessageA,IsChild,IsWindow,IsWindowVisible,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetParent,SendMessageA,WinHelpA,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,IsWindow,1_2_00441AB0

System Summary

Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeStatic PE information: .vmp0 and .vmp1 section names
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_BITS_7600_253672122Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0044C0901_2_0044C090
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_004901411_2_00490141
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0048C3C61_2_0048C3C6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0042A7801_2_0042A780
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0046E8301_2_0046E830
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00496A711_2_00496A71
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00484AF01_2_00484AF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0043CE901_2_0043CE90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0045F7D01_2_0045F7D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_004398101_2_00439810
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0043B9C01_2_0043B9C0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_004459E01_2_004459E0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0045D9801_2_0045D980
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00451A001_2_00451A00
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0046DD901_2_0046DD90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00443DB01_2_00443DB0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: String function: 00495B31 appears 51 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: String function: 0048462F appears 35 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: String function: 00485704 appears 159 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: rasapi32.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: rasman.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: oledlg.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: ieframe.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: dataexchange.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: d3d11.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: dcomp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: dxgi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: msiso.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: mshtml.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: secur32.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: mlang.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: msimtf.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: jscript9.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: d2d1.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: d3d10warp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: dxcore.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: msls31.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: dxtrans.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: atl.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: ddrawex.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: ddraw.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: dciman32.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: dxtmsft.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: imgutil.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeSection loaded: xmllite.dllJump to behavior
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engineClassification label: mal68.evad.winEXE@18/371@70/31
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00429E90 CoCreateInstance,CoCreateInstance,CoCreateInstance,1_2_00429E90
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0047C7D6 FindResourceA,LoadResource,LockResource,1_2_0047C7D6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\login[1].htmJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeFile read: C:\Windows\win.iniJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeReversingLabs: Detection: 39%
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeVirustotal: Detection: 44%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://txz.qq.com/p?k=zf9HFO9edW8NQ5ZR*h8OHbclJ87PJCpe&f=21000124
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1752,i,6384267855548143656,6449548652770198848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3032 --field-trial-handle=1752,i,6384267855548143656,6449548652770198848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1752,i,6384267855548143656,6449548652770198848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3032 --field-trial-handle=1752,i,6384267855548143656,6449548652770198848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InProcServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected

Data Obfuscation

Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeStatic PE information: Section: .vmp1 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0043AE00 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary,1_2_0043AE00
Source: initial sampleStatic PE information: section where entry point is pointing to: .vmp1
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeStatic PE information: section name: .vmp0
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeStatic PE information: section name: .vmp1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00508000 push 97757C1Dh; mov dword ptr [esp], ecx1_2_00509B89
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00484010 push eax; ret 1_2_0048403E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00508036 push A02DE3E9h; mov dword ptr [esp], eax1_2_0050A417
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_005094BF push 97757C1Dh; mov dword ptr [esp], ecx1_2_00509B89
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00485704 push eax; ret 1_2_00485722
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0BF06E76 push es; ret 1_2_0BF06E78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0BF031E1 push 8B000002h; iretd 1_2_0BF031E6
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0BF0340E push ds; iretd 1_2_0BF0340F
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeStatic PE information: section name: .vmp1 entropy: 7.923481993036869
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0043EAD0 DestroyCursor,IsWindowVisible,IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMenu,DeleteMenu,GetSystemMenu,1_2_0043EAD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00442CA0 IsIconic,IsZoomed,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,IsWindow,ShowWindow,1_2_00442CA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0043F1A0 IsIconic,IsZoomed,1_2_0043F1A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_0047B4D3 IsIconic,GetWindowPlacement,GetWindowRect,1_2_0047B4D3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00439810 IsWindow,IsIconic,SetActiveWindow,IsWindow,IsWindow,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,DestroyAcceleratorTable,DestroyMenu,SetParent,SetWindowPos,IsWindow,SendMessageA,SendMessageA,DestroyAcceleratorTable,IsWindow,IsWindow,IsWindow,IsWindow,IsWindow,GetParent,GetFocus,IsWindow,SendMessageA,IsWindow,GetFocus,SetFocus,1_2_00439810
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exeCode function: 1_2_00474CC01_2_00474CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe API coverage: 3.9 %
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Code function: 1_2_00474CC0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Code function: 1_2_00432160 FindFirstFileA,SendMessageA,SendMessageA,FindNextFileA,FindClose,SendMessageA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Code function: 1_2_00494C1D __EH_prolog,GetFullPathNameA,lstrcpynA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrcpyA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Code function: 1_2_0043B3A0 FindNextFileA,FindClose,FindFirstFileA,FindClose
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Code function: 1_2_00443540 FindFirstFileA,FindClose
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3194925282.00000000008D2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP
Source: chromecache_233.7.dr Binary or memory string: chGfs
Source: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3194925282.0000000000930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3194925282.000000000094B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW

Anti Debugging

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Process queried: DebugObjectHandle
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Code function: 1_2_0043AE00 GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,FreeLibrary,FreeLibrary
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Code function: 1_2_0045F1A0 GetProcessHeap,OleInitialize,GetModuleFileNameA,SetCurrentDirectoryA,LoadCursorA,GetStockObject,GetCurrentThreadId
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Code function: 1_2_0048F44F SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Code function: 1_2_0048F43D SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Code function: 1_2_00485CEA GetLocalTime,GetSystemTime,GetTimeZoneInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Code function: 1_2_004746B0 GetTimeZoneInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe Code function: 1_2_0049ED70 GetVersion,GetProcessVersion,LoadCursorA,LoadCursorA,LoadCursorA
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Process Injection | 11 Masquerading | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Input Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 12 Virtualization/Sandbox Evasion | LSASS Memory | 331 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Disable or Modify Tools | Security Account Manager | 12 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 3 Clipboard Data | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
[Behavior graph: ID 1393283; Sample: SecuriteInfo.com.Win32.Evo-...; Start date: 16/02/2024; Architecture: WINDOWS; Score: 68]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe | 39% | ReversingLabs | Win32.Trojan.Generic | |
| SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe | 44% | Virustotal | | Browse |
| SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe | 100% | Joe Sandbox ML | | |
No Antivirus matches
No Antivirus matches
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-11.1e3d5127.pngfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://qzonestyle.gtimg.cn/qzone/qzact/act/external/tiqq/logo.pngfalse
                                                                          high
                                                                          https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-2.47e8b6d6.pngfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069920609&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1false
                                                                            high
                                                                            https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standardfalse
                                                                              high
                                                                              https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/role-ql.44e6743e.pngfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://aegis.qq.com/speed?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer=false
                                                                                high
                                                                                https://captcha.gtimg.com/1/tcaptcha-frame.28d99140.jsfalse
                                                                                  high
                                                                                  https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.pngfalse
                                                                                    high
                                                                                    https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069947677&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1false
                                                                                      high
                                                                                      https://static-res.qq.com/web/im.qq.com/qq9_1080.mp4false
                                                                                        high
                                                                                        https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-4.8c005656.pngfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/role-jy.26b790ff.pngfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069938667&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1false
                                                                                          high
                                                                                          https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/phone.55b5179d.pngfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://im.qq.com/index/false
                                                                                            high
                                                                                            https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-10.de84dd3b.pngfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/user-profile.a6a93e4d.pngfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://ssl.ptlogin2.qq.com/ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069929617&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1false
                                                                                              high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://captcha.gtimg.com/16SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3216558884.000000000C3B0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.cSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509687562.000000000674F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://imgcache.qq.com/ptlogin/v4/style/40/images/icon_3_tiny.png...SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003998000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.48.1/ptlogin/v4/style/20/images/shouQ_v2/qr_tSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509897175.000000000672F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://ui.ptlogin2.qq.com/style/SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1481192889.00000000040FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://global.captcha.gtimg.comSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3213626713.000000000BD33000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://huatuospeed.weiyun.com/cgi-bin/r.cgi?NatKSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1593332154.000000000D1C2000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1593295684.000000000D1C0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3222573227.000000000D1C3000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207489659.00000000043E2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://t.captcha.qq.com/cap_union_prehandleSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360713700.00000000039AA000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360893014.00000000039F4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360494509.00000000039DD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360687228.00000000039EF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.00000000039ED000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360668344.0000000003A03000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360547866.00000000039D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360526055.00000000039F4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1360713700.00000000039D3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207397912.00000000043B0000.00000004.00000800.00020000.00000000.sdmp, login[1].htm.1.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://ui.ptlogin2.qq.com/cgi-bin/login?appSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1479757456.0000000006747000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000672D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000003.1509518558.0000000006742000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://t.captcha.qq.com/template/drag_ele.htmlhttps://t.captcha.qq.com/template/drag_ele.htmlSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3214011274.000000000BDA8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://t.captcha.qq.com/template/drag_ele.html=1&ys=43TSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3198878516.00000000023C4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http:///checkqq.comSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3225513953.000000000D321000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                        low
                                                                                                                                                                        https://t.captcha.qq.com/template/drag_ele.htmlColorstr=#D8FFFFFFSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.000000000675A000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://ssl.ptlogin2.http://ptlogin2.SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207489659.00000000043DB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3225579973.000000000D327000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          http://count.2881.com/count/count.asp?id=28688&sx=1&ys=43SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3194925282.0000000000930000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3192171512.00000000004A6000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          https://qq-web-legacy.cdn-go.cn/any.ptlogin2.qq.com/v1.48.1/ptlogin/v4/style/theme/theme_0.css2~SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003A35000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                          unknown
                                                                                                                                                                          http://cf.qq.com/act/a20130607zc/index.htmSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3206375891.000000000401A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3192171512.00000000004A6000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3206611129.0000000004034000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/js/pc-legacy.3fcdcc55.jschromecache_232.7.drfalse
                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            https://ssl.ptlogin2.qq.com/j_newreg_urllogin[1].htm.1.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://captcha-static-1258476245.cos.ap-guangzhou.myqcloud.com/img/noborder_six.pngNatKSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3214920266.000000000BE42000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://ssl./ptgetimageptlogin2.captcha.http://check./getimagegdiSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3213904584.000000000BD80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                                unknown
                                                                                                                                                                                https://ui.ptlogin2.qq.com/style.ssl/40TSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3206375891.000000000401A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://im.qq.com/mobileqq/SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3205079010.0000000003970000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://t.captcha.qq.comSecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3216558884.000000000C3B0000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3214717360.000000000BE09000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3213626713.000000000BD24000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3221404970.000000000D02B000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3214829247.000000000BE20000.00000004.00000800.00020000.00000000.sdmp, drag_ele[1].htm.1.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://localhost.ptlogin2.qq.com:4305/pt_get_uins?callback=ptui_getuins_CB&r=0.6062235004893671&pt_SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe, 00000001.00000002.3207894833.00000000066E6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                        132203TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNfalse
                                                                                                                                                                                        203.205.137.139
                                                                                                                                                                                        unknownChina
                                                                                                                                                                                        132203TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNfalse
                                                                                                                                                                                        211.152.148.45
                                                                                                                                                                                        unknownChina
                                                                                                                                                                                        132203TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNfalse
                                                                                                                                                                                        239.255.255.250
                                                                                                                                                                                        unknownReserved
                                                                                                                                                                                        unknownunknownfalse
                                                                                                                                                                                        142.251.32.110
                                                                                                                                                                                        clients.l.google.comUnited States
                                                                                                                                                                                        15169GOOGLEUSfalse
                                                                                                                                                                                        129.226.106.210
                                                                                                                                                                                        ins-u4xprfqu.ias.tencent-cloud.netSingapore
                                                                                                                                                                                        132203TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNfalse
                                                                                                                                                                                        157.255.220.168
                                                                                                                                                                                        ssl.captcha.qq.comChina
                                                                                                                                                                                        17623CNCGROUP-SZChinaUnicomShenzennetworkCNfalse
                                                                                                                                                                                        142.250.31.84
                                                                                                                                                                                        accounts.google.comUnited States
                                                                                                                                                                                        15169GOOGLEUSfalse
                                                                                                                                                                                        142.251.41.4
                                                                                                                                                                                        www.google.comUnited States
                                                                                                                                                                                        15169GOOGLEUSfalse
IP
192.168.2.7
127.0.0.1

Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1393283
Start date and time: 2024-02-16 08:50:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 22s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Detection: MAL
Classification: mal68.evad.winEXE@18/371@70/31
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 276
• Number of non-executed functions: 249
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 72.21.81.240, 192.229.211.108, 142.250.65.195, 34.104.35.123, 142.251.41.10, 142.251.40.170, 142.251.32.106, 142.251.40.202, 142.250.65.234, 142.251.40.106, 172.217.165.138, 142.251.35.170, 142.250.81.234, 142.251.40.138, 142.250.65.170, 142.250.72.106, 142.250.64.106, 142.250.80.10, 142.250.65.202, 142.251.40.234, 142.250.80.99
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing network information.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
No simulations
                                                                                                                                                                                                                        SecuriteInfo.com.Win32.Evo-gen.10471.19957.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 43.137.221.145
                                                                                                                                                                                                                        vfKkwM2QFU.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 43.137.221.145
                                                                                                                                                                                                                        https://rp.mockplus.com/run/jsTKTZ1Gjc/wanVsdthpp/_d6UKKwfoe?nav=0&cps=hide&rps=hide&ha=0&la=0&fc=0&out=0&rt=0&%20Please%20view%20%E3%80%8AJill%20Ganser%20shared%20a%20document%E3%80%8B&c=E,1,jAKDP2hRRG-Reds9wsicS5bjnzW6ih9Upw6mpi6TXvW7K5KcQB53pwZ91ZLXZ5SjKdUgsOdEyFcD9NfB7-bFMq_R10dHWZE54eOqlgliZQqIIzIpS-BMKQ,,&typo=1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 43.137.221.145
                                                                                                                                                                                                                        https://app.mockplus.com/e/Y95zEu95PGxWGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 43.137.221.145
                                                                                                                                                                                                                        G9NCnBiMys.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 43.137.221.145
                                                                                                                                                                                                                        https://app.mockplus.com/e/-vGbHPGk4c0wGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 43.137.221.145
                                                                                                                                                                                                                        https://rp.mockplus.com/run/rMiMtrfBcL/AUMR9gPQ2Z/oKTHNHqQfi?nav=0&cps=hide&rps=hide&rt=0&la=0&out=0&ha=0&dt=none&%20Please%20view%20%22invoice%22Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                        • 43.137.221.145
                                                                                                                                                                                                                        ssd.tcdn.qq.combuding.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 203.205.137.236
                                                                                                                                                                                                                        kDTGTVIHAr.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 203.205.137.236
                                                                                                                                                                                                                        SecuriteInfo.com.Win32.Evo-gen.10471.19957.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 203.205.137.236
                                                                                                                                                                                                                        vfKkwM2QFU.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 203.205.137.236
                                                                                                                                                                                                                        ins-u4xprfqu.ias.tencent-cloud.netbuding.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 129.226.103.123
                                                                                                                                                                                                                        kDTGTVIHAr.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 129.226.106.210
                                                                                                                                                                                                                        SecuriteInfo.com.Win32.Evo-gen.10471.19957.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 129.226.103.123
                                                                                                                                                                                                                        vfKkwM2QFU.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 129.226.106.210
                                                                                                                                                                                                                        https://rp.mockplus.com/run/jsTKTZ1Gjc/wanVsdthpp/_d6UKKwfoe?nav=0&cps=hide&rps=hide&ha=0&la=0&fc=0&out=0&rt=0&%20Please%20view%20%E3%80%8AJill%20Ganser%20shared%20a%20document%E3%80%8B&c=E,1,jAKDP2hRRG-Reds9wsicS5bjnzW6ih9Upw6mpi6TXvW7K5KcQB53pwZ91ZLXZ5SjKdUgsOdEyFcD9NfB7-bFMq_R10dHWZE54eOqlgliZQqIIzIpS-BMKQ,,&typo=1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 129.226.103.123
                                                                                                                                                                                                                        https://app.mockplus.com/e/Y95zEu95PGxWGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 129.226.106.210
                                                                                                                                                                                                                        G9NCnBiMys.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 129.226.103.123
                                                                                                                                                                                                                        https://app.mockplus.com/e/-vGbHPGk4c0wGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 129.226.106.210
                                                                                                                                                                                                                        https://rp.mockplus.com/run/rMiMtrfBcL/AUMR9gPQ2Z/oKTHNHqQfi?nav=0&cps=hide&rps=hide&rt=0&la=0&out=0&ha=0&dt=none&%20Please%20view%20%22invoice%22Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                        • 129.226.106.210
                                                                                                                                                                                                                        ins-yf1um8dh.ias.tencent-cloud.netbuding.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 43.135.106.65
                                                                                                                                                                                                                        kDTGTVIHAr.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 43.135.106.77
Match    Associated Sample Name / URL    SHA 256    Detection    Threat Name    Link    Context
                                                                                                                                                                                                                        CHINA169-BACKBONECHINAUNICOMChina169BackboneCNhttps://app.adjust.com/97grly?label=2ch_002&redirect=//baidu%E3%80%82com///link?url=5y3O_X4uINeCOlVhmJglG4RJJ8jUTek67P5WUZDNvqx1QPLK6shCMg-103MQY0d8&wd#.VmFuZGVuYnVsY2tlLkFsZXhpc0BkZW1lLWdyb3VwLmNvbQ==Get hashmaliciousFake CaptchaBrowse
                                                                                                                                                                                                                        • 110.242.68.66
                                                                                                                                                                                                                        la.bot (1).mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 58.245.223.28
                                                                                                                                                                                                                        klTP7Pmqg6.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                        • 124.165.236.182
                                                                                                                                                                                                                        ji5zq1gsV7.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 58.20.181.244
                                                                                                                                                                                                                        Kvg63GJkQt.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 122.193.41.36
                                                                                                                                                                                                                        D9guGLReiK.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                        • 61.52.122.184
                                                                                                                                                                                                                        jihIfXyawu.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 101.27.137.81
                                                                                                                                                                                                                        1i6AYlf1Wy.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 125.40.119.241
                                                                                                                                                                                                                        Y5fP9NxwCZ.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 39.85.149.213
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                        1138de370e523e824bbca92d049a3777https://t.co/WS7uB7aCWLGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 104.98.116.138
                                                                                                                                                                                                                        https://daikennzl-my.sharepoint.com/:b:/g/personal/pwesthuizen_daikin_co_nz/ESV1kCW0GWpNncWyZwwzzNcBeC81Me2AA5iWZPObtHU2FA?e=8NvYrGGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 104.98.116.138
                                                                                                                                                                                                                        Email_Friendly reminder we need information fr.smail.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                        • 104.98.116.138
                                                                                                                                                                                                                        https://cr-agrcl-fr.pages.dev/robots.txtGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 104.98.116.138
                                                                                                                                                                                                                        https://bonfire-ljhcord.pages.dev/robots.txtGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 104.98.116.138
                                                                                                                                                                                                                        https://selenaescobar.autos/rebalancing/spoke/?box=redGet hashmaliciousTechSupportScamBrowse
                                                                                                                                                                                                                        • 104.98.116.138
                                                                                                                                                                                                                        http://reviveivmn.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 104.98.116.138
                                                                                                                                                                                                                        https://edjnakqkssnmjn.weeblysite.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 104.98.116.138
                                                                                                                                                                                                                        https://inlook.fi/?s=%22%2F%3C%2Fscript%3E%3Cscript%3Ewindow%5B%27location%27%5D%5B%27replace%27%5D%28%5B%27h%27%2C%27t%27%2C%27t%27%2C%27p%27%2C%27s%27%2C%27%3A%27%2C%27%2F%27%2C%27%2F%27%2C%27j%27%2C%27i%27%2C%27n%27%2C%27x%27%2C%27m%27%2C%27u%27%2C%27x%27%2C%27.%27%2C%27c%27%2C%27o%27%2C%27m%27%2C%27%2F%27%2C%271%27%2C%270%27%2C%270%27%2C%278%27%2C%273%27%2C%275%27%2C%27e%27%2C%274%27%2C%27e%27%2C%275%27%2C%27d%27%2C%278%27%2C%275%27%2C%274%27%2C%27e%27%2C%274%27%2C%278%27%2C%270%27%2C%270%27%5D%5B%27join%27%5D%28%27%27%29%29%2Cdocument%5B%27body%27%5D%5B%27style%27%5D%5B%27opacity%27%5D%3D0x0%3B%3C%2Fscript%3EGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                        • 104.98.116.138
                                                                                                                                                                                                                        https://s2revent.com/loginGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 104.98.116.138
                                                                                                                                                                                                                        28a2c9bd18a11de089ef85a160da29e4https://app.adjust.com/97grly?label=2ch_002&redirect=//baidu%E3%80%82com///link?url=5y3O_X4uINeCOlVhmJglG4RJJ8jUTek67P5WUZDNvqx1QPLK6shCMg-103MQY0d8&wd#.SEwtRk9VLU9TU0BjZHdlLmNvbS50dw==Get hashmaliciousFake Captcha, HTMLPhisherBrowse
                                                                                                                                                                                                                        • 23.51.58.94
                                                                                                                                                                                                                        • 52.165.165.26
                                                                                                                                                                                                                        • 20.114.59.183
                                                                                                                                                                                                                        https://app.adjust.com/97grly?label=2ch_002&redirect=//baidu%E3%80%82com///link?url=5y3O_X4uINeCOlVhmJglG4RJJ8jUTek67P5WUZDNvqx1QPLK6shCMg-103MQY0d8&wd#.VmFuZGVuYnVsY2tlLkFsZXhpc0BkZW1lLWdyb3VwLmNvbQ==Get hashmaliciousFake CaptchaBrowse
                                                                                                                                                                                                                        • 23.51.58.94
                                                                                                                                                                                                                        • 52.165.165.26
                                                                                                                                                                                                                        • 20.114.59.183
                                                                                                                                                                                                                        https://t.co/WS7uB7aCWLGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 23.51.58.94
                                                                                                                                                                                                                        • 52.165.165.26
                                                                                                                                                                                                                        • 20.114.59.183
                                                                                                                                                                                                                        https://0xc6351e2f329b8e57a3e5474a18e85f9c4a9c33809.us-lax-1.linodeobjects.com/global.html#ZnJhbmsuam9uZXNAZmJpLmdvdgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 23.51.58.94
                                                                                                                                                                                                                        • 52.165.165.26
                                                                                                                                                                                                                        • 20.114.59.183
                                                                                                                                                                                                                        https://daikennzl-my.sharepoint.com/:b:/g/personal/pwesthuizen_daikin_co_nz/ESV1kCW0GWpNncWyZwwzzNcBeC81Me2AA5iWZPObtHU2FA?e=8NvYrGGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 23.51.58.94
                                                                                                                                                                                                                        • 52.165.165.26
                                                                                                                                                                                                                        • 20.114.59.183
                                                                                                                                                                                                                        http://www.eatdrink.myGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 23.51.58.94
                                                                                                                                                                                                                        • 52.165.165.26
                                                                                                                                                                                                                        • 20.114.59.183
                                                                                                                                                                                                                        Email_Friendly reminder we need information fr.smail.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                        • 23.51.58.94
                                                                                                                                                                                                                        • 52.165.165.26
                                                                                                                                                                                                                        • 20.114.59.183
                                                                                                                                                                                                                        https://googleads.g.doubleclick.net/aclk?sa=L&ai=CtkeTfiY3U-OCFKWZ6gHqp4Bgrde-ygTV1dzijgHljYq_ARABIOP7kwNQ8s356f______AWDJvrmH4KO0EMgBBOACAKgDAZgEBaoE0wFP0O_sy-dlPQorN6547e8BvCnei37uE02aNjbAJ55dZ-Ksy5Zpki8gnA79mxDW7zWCI0T2smHHp-1KpN6ue8dUCxgimgsuE-PHDFK_qMfk9eYUCvV37D1eCOE0xvGD-tjr76SC9HFe8p8k6iXQ7FZNaZU2388us_nLcTOZ-GzTODRtsEPUbCVGaqcCZAAfYm0ak6VUGyXfsuG1Cq-7v8ZP8cxMQUiEzF-U_KDd1e1Yz3aGE1fQ2Ayb02p_H39grjLKKhLnmFPm0-Tp5M1nCEXqqcLY4AQBoAYZgAf167gv&num=1&sig=AOD64_05GO1ktK4Uf_f13CPZ8wPTzxI4aA&client=ca-pub-6219811747049371&adurl=//immutable-zkevm.com/documents/#david.matheson@jjswaste.com.au&c=E,1,Mtb3RomTXu585k1QqCAVdGmaBpoCTz2Tw56vF1qsZheC8KHc-8tdOTXDb2rx44Urze35KW5fmXvIxG4FI74kRRDa5D5cFZl7_ByiZW9_cFwv5G_5Fg,,&typo=1Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                        • 23.51.58.94
                                                                                                                                                                                                                        • 52.165.165.26
                                                                                                                                                                                                                        • 20.114.59.183
                                                                                                                                                                                                                        https://microprogram11.netlify.app/winjspxl077/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 23.51.58.94
                                                                                                                                                                                                                        • 52.165.165.26
                                                                                                                                                                                                                        • 20.114.59.183
                                                                                                                                                                                                                        37f463bf4616ecd445d4a1937da06e19https://landofmedicine.com/zfacturass.phpGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 43.152.136.177
                                                                                                                                                                                                                        • 43.135.106.65
                                                                                                                                                                                                                        • 129.226.107.134
                                                                                                                                                                                                                        • 129.226.106.26
                                                                                                                                                                                                                        • 129.226.103.162
                                                                                                                                                                                                                        • 180.95.234.204
                                                                                                                                                                                                                        • 157.255.220.168
                                                                                                                                                                                                                        • 203.205.136.80
                                                                                                                                                                                                                        PO20152024.scr.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                                                                                                                                                                                        • 43.152.136.177
                                                                                                                                                                                                                        • 43.135.106.65
                                                                                                                                                                                                                        • 129.226.107.134
                                                                                                                                                                                                                        • 129.226.106.26
                                                                                                                                                                                                                        • 129.226.103.162
                                                                                                                                                                                                                        • 180.95.234.204
                                                                                                                                                                                                                        • 157.255.220.168
                                                                                                                                                                                                                        • 203.205.136.80
                                                                                                                                                                                                                        reports_02.15.2024_2.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 43.152.136.177
                                                                                                                                                                                                                        • 43.135.106.65
                                                                                                                                                                                                                        • 129.226.107.134
                                                                                                                                                                                                                        • 129.226.106.26
                                                                                                                                                                                                                        • 129.226.103.162
                                                                                                                                                                                                                        • 180.95.234.204
                                                                                                                                                                                                                        • 157.255.220.168
                                                                                                                                                                                                                        • 203.205.136.80
                                                                                                                                                                                                                        VNCViewer.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                        • 43.152.136.177
                                                                                                                                                                                                                        • 43.135.106.65
                                                                                                                                                                                                                        • 129.226.107.134
                                                                                                                                                                                                                        • 129.226.106.26
                                                                                                                                                                                                                        • 129.226.103.162
                                                                                                                                                                                                                        • 180.95.234.204
                                                                                                                                                                                                                        • 157.255.220.168
                                                                                                                                                                                                                        • 203.205.136.80
                                                                                                                                                                                                                        additional_details.jsGet hashmaliciousUnknownBrowse
additional_details.js | malicious | Unknown
lods.cmd | malicious | Remcos
VESSEL PARTICULARS & INSTRUCTIONS_docx.exe | malicious | FormBook, GuLoader
20240220 - SF PARQUET SERVICE 06.02.2024.exe | malicious | GuLoader
                                                                                                                                                                                                                        No context
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                        Entropy (8bit):2.469670487371862
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:D90aKb:JFKb
                                                                                                                                                                                                                        MD5:C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
                                                                                                                                                                                                                        SHA1:35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
                                                                                                                                                                                                                        SHA-256:B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
                                                                                                                                                                                                                        SHA-512:6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                                                                                        Preview:<root></root>
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):49120
                                                                                                                                                                                                                        Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:Ztt:T
                                                                                                                                                                                                                        MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                                                        SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                                                        SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                                                        SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (61544)
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):63209
                                                                                                                                                                                                                        Entropy (8bit):6.029906994743719
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:7+9WOsu6F6Uum6pcOX+1KRcAiD9ano8F/OiuYXq0mBcCYdBaunU3WbjIsrInU3gP:ecOXpVDoT064suUmPIrUQ0MadK
                                                                                                                                                                                                                        MD5:E28A649FC62E600876EA64AC97E32D5F
                                                                                                                                                                                                                        SHA1:BFE983B36BB4BF43B122FE41AD0F2ED5C8AB521A
                                                                                                                                                                                                                        SHA-256:B2891DA06390147CE9F4E381D473FEDDB9BDC5D2D7845971A0FCD0BC2132E57F
                                                                                                                                                                                                                        SHA-512:239AB20CCDD8BD9A5EE7C1FE4921B8815F521744EFA0F060A34C74BDAB3BCC686A3F5FAFE5680BBEA6AD57EBC568B58FD36F9D822960BCEBF3B1AC34433EC3CF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Preview:<!DOCTYPE html><html lang="mul"><head><meta charset="UTF-8"><meta name="renderer" content="webkit"><title>...</title><script type="text/javascript">window.Set="undefined"!=typeof Set?Set:function(){};var apiDomain=window.name,matched=!1;if(apiDomain){matches=[/localhost/,/trpc-test\.captcha\.qq\.com/,/t\.captcha\.qq\.com/,/sg\.captcha\.qcloud\.com/,/captcha\.wechatpay\.cn/,/captcha\.myqcloud\.com/,/t\.captcha\.qcloud\.com/,/t-captcha\.gjacky\.com/,/mp\.ssl\.captcha\.qq\.com/,/captcha\.cloudcachetci\.com/];for(var i=0;i<matches.length;i++){var matchReg=matches[i];if(apiDomain.match(matchReg)){matched=!0;break}}}window.TCaptchaApiDomain=matched?apiDomain:"https://t.captcha.qq.com"</script> [if lte IE 7]>. <style>. .tcaptcha-embed-contrl{. margin-left: 5px !important;. }. .tcaptcha-embed .verify-btn{. margin-left: 5px !important;. }. .tc-action--normal, .tc-action--aged{. display: inline !important;. zoom:1 !important;. }. </style>. <![endi
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):167405
                                                                                                                                                                                                                        Entropy (8bit):5.686708972768293
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:pxcYMs2Dozqh1KISgSfy+Nv0Vd9yHYyq6ppMayWdwb:Tzqh1KIlyy+N0yZ7ACwb
                                                                                                                                                                                                                        MD5:6971992C672B34568DCA8F57414037F3
                                                                                                                                                                                                                        SHA1:8300353561D132920827DA8621C71279BE7894B1
                                                                                                                                                                                                                        SHA-256:40FEE6FD9E020FB88B09F7F95524F0803C05A7E7A528FF6FA6718819D1D542E8
                                                                                                                                                                                                                        SHA-512:CC0E11AA8DCF41CE013EEED716E6CC77D9353A77AD6296E6744ED667BA40EDA354000D844172507B263501AAD5BE6B61BC31627616EF7EC4409B152C396DF59B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Preview:!function(t){var e={};function r(i){if(e[i])return e[i].exports;var n=e[i]={i:i,l:!1,exports:{__esModule: undefined}};return t[i].call(n.exports,n,n.exports,r),n.l=!0,n.exports}r.m=t,r.c=e,r.d=function(t,e,i){r.o(t,e)||Object.defineProperty(t,e,{enumerable:!0,get:i})},r.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},r.t=function(t,e){if(1&e&&(t=r(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var i=Object.create(null);if(r.r(i),Object.defineProperty(i,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var n in t)r.d(i,n,function(e){return t[e]}.bind(null,n));return i},r.n=function(t){var e=t&&t.__esModule?function(){return t["default"]}:function(){return t};return r.d(e,"a",e),e},r.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},r.p="",r(r.s=93)}([function(t,e,r){"use strict";var i=this&&this.__createBinding||
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (32039)
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):97336
                                                                                                                                                                                                                        Entropy (8bit):5.3730081067674185
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:PYE1JVoiB9JqZdXXe2pD3PgoIK6alrUdTJbFk/zkZ4HWLZoHsrOa99TwkEb7/Hph:+4KZ+u3WLZICOaLTwkE7qD1Pa7a98Hrn
                                                                                                                                                                                                                        MD5:303DBB4B8A1E11044ED428151F047B12
                                                                                                                                                                                                                        SHA1:40CA3AF69B27DC5EE2CED371CB06711A4D5AF653
                                                                                                                                                                                                                        SHA-256:91068663FEE39B77CFB4474D80593B810FD77151F9B74758A77B5E1FCBBFA33A
                                                                                                                                                                                                                        SHA-512:38451379C622228EBB0226553705B0AA425010C6CBA1290C272C1A1185B3ECD4A37893D7CB60F255D6A3CD0244DA50ED29DC34122116FCE865C8CBA4707BAD9D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.1",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return this.pushStack(e.apply(this,a
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:PNG image data, 12 x 21, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):488
                                                                                                                                                                                                                        Entropy (8bit):7.40655677793515
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12:6v/7g8RGs+uiaXCiwDSxE3ky42zR9OgFob9gpgC7YtQ6ZS0+:GpXCiRaj42zMJgOxQ6S0+
                                                                                                                                                                                                                        MD5:DC7FD3BB66140C9FB9312C190BEFEACD
                                                                                                                                                                                                                        SHA1:41BD64F34ADA65BD6D25D92FB7DF10B3563E1E16
                                                                                                                                                                                                                        SHA-256:93B531A7192FB8B7997B4756658B230A549357C76BF9E7DF5EAFECE127473E27
                                                                                                                                                                                                                        SHA-512:5E85EFB45C5F10A2D0EB356662AA71341BD392CB54887408D9D521095C4EF71836BABA8B4BD0364F09BDD994D5B5C90FAB03383B69E96A623C90FA03C8C1A199
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:PNG image data, 274 x 355, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9532
                                                                                                                                                                                                                        Entropy (8bit):7.939964694799824
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:xaPqSCzK2Wbfz+zqsQSgENNolXBIYPBXybhFl9kO5glXTewb3Yi4wkitNlC:+2u2QrgqsdjmXB95ybhPJgBCwb3awtNk
                                                                                                                                                                                                                        MD5:4FF0D1008075A82E9A030B7F2F8927C0
                                                                                                                                                                                                                        SHA1:B9C634F9D35C7735CF5798225952ABC646BEA8B4
                                                                                                                                                                                                                        SHA-256:57DE6C0087C6E8FF15C2AD6205E85A7751D959B11F28D93B65B08798B96D538B
                                                                                                                                                                                                                        SHA-512:366571FD880B245174E06E51B52993E763E2E2F29189D1C31642D5B21D681DBFA0FC4392DA49F732BCE0C83DAF9C5B6385408A0E0EECDA536E8C06B817489D58
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:GIF image data, version 89a, 16 x 16
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):771
                                                                                                                                                                                                                        Entropy (8bit):6.908939349525579
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12:oNSSQDR1Nws0pFItTuuG+IaFTDbjj9X194LVhGSuqyM3N/Y4cv4ZimsDjnUA/lU:Xj+fbBuzFj3aL3GyJa0im6jUA/e
                                                                                                                                                                                                                        MD5:00EF871B291BC03A497D608A5BD8EC99
                                                                                                                                                                                                                        SHA1:942D8FE092C1C473AF19906751C2BEE5322A9B55
                                                                                                                                                                                                                        SHA-256:81A161D5793AC2A33F02DDCD64FB0DC2D028616DAC084E4F64E77F4898B0C4E4
                                                                                                                                                                                                                        SHA-512:659AA4AC73230A847E7D836D486EE04289D73B3D3E7000A9A3333F6E40804D0CCB57DBACD999C0DBB730D5566520B27A0068A94D6087EA52F6A65E36B308190D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):26
                                                                                                                                                                                                                        Entropy (8bit):3.4594911601991534
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:YGKAAuW9:YGKALO
                                                                                                                                                                                                                        MD5:5219356778325FA5F324031D0378806B
                                                                                                                                                                                                                        SHA1:7BF98207062E481928DC757BCBADECA699BE47FF
                                                                                                                                                                                                                        SHA-256:DBD237496257D386DD7F9D97D870774D06F1FE2D02373460A509185732F07591
                                                                                                                                                                                                                        SHA-512:D9F376CEF40F40CB2A96899B801E795AA42925A6BF5472837D7DD48AE727E430144E742F1E952C9464F1B3E7CBE55B775AB7D58DB6B585C5CE597E19DACD37FF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"code":0,"msg":"success"}
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (65304), with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):213026
                                                                                                                                                                                                                        Entropy (8bit):5.537325609129562
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:Rd0cfE25AHGqxep7a8TwYgoe27IbWhNW1jRiE7CzfHe6fHkexC:v0l2Smqgp7a2Re2d8wfHe6fHPxC
                                                                                                                                                                                                                        MD5:8A50869763C7BB96E157B849E9469367
                                                                                                                                                                                                                        SHA1:9EFC7FBC712D178F89680AA945ACFF01C184351F
                                                                                                                                                                                                                        SHA-256:A540989B9F9BEF8B4763C2B0052515E0897817B7013A05DEE755C7517867217B
                                                                                                                                                                                                                        SHA-512:B5E0C91C26B6C02F1FE9C43DAD52B27041B4FF9A6F22FFB2D99A0A1AB63C733FBCD670699ECCA8A3665ED6A18C2800243FEA250EB3073E9A871D48B98F0349F0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:!function(n){var o={};function i(t){if(o[t])return o[t].exports;var e=o[t]={"i":t,"l":!1,"exports":{}};return n[t].call(e.exports,e,e.exports,i),e.l=!0,e.exports}i.m=n,i.c=o,i.d=function(t,e,n){i.o(t,e)||Object.defineProperty(t,e,{"enumerable":!0,"get":n})},i.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{"value":"Module"}),Object.defineProperty(t,"__esModule",{"value":!0})},i.t=function(e,t){if(1&t&&(e=i(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(i.r(n),Object.defineProperty(n,"default",{"enumerable":!0,"value":e}),2&t&&"string"!=typeof e)for(var o in e)i.d(n,o,function(t){return e[t]}.bind(null,o));return n},i.n=function(t){var e=t&&t.__esModule?function(){return t["default"]}:function(){return t};return i.d(e,"a",e),e},i.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},i.p="",i(i.s=51)}([function(t,e){var n=function(){return this}();try{n=n||new Functio
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):394
                                                                                                                                                                                                                        Entropy (8bit):7.301522958007915
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6:6v/lhPkRbBmD5aCr5Id+0YY5dTjhaH9FxOMbeejs8nicCixSxNCpaHChy2DJ0wJ7:6v/78bBmNaCG80YY5MSMbB6fWFYRS1
                                                                                                                                                                                                                        MD5:DD6F19337DD5A7EC79FB3566167D3100
                                                                                                                                                                                                                        SHA1:0A0FFEC10882C686F03C594CE437E5ADBAE0A554
                                                                                                                                                                                                                        SHA-256:05B314C7B31AFBA08F06B4D639D48C29B156748771A5DB3CDD3D732BBD63107F
                                                                                                                                                                                                                        SHA-512:A9E8B43B9A3516FABAD3AE97516A294D8323C9BA2F98E2356EC860F96BF494B99CB39C571943897685E9068A0CE6D2BC945782145EF574912DEFD61B06C4437E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:PNG image data, 12 x 21, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):494
                                                                                                                                                                                                                        Entropy (8bit):7.384574933171422
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12:6v/7g8RGYrqXRdWytGkxNtXLsEUi5xTspDsFGZTfK5/a1:GXGXz2WwEUi5xTspvZTe/g
                                                                                                                                                                                                                        MD5:FAA4ACEC8888ECC3F7517CDF0B58530C
                                                                                                                                                                                                                        SHA1:1868F32BC2EEFCAA2C3D7D132E6BCCD0CE6C5B5C
                                                                                                                                                                                                                        SHA-256:9D7FC34725B5721E6B9C98465AF5C0BC2BE111DEF1297DBD9D8B39C2D55B9750
                                                                                                                                                                                                                        SHA-512:3FA4DAAC9516A69401A0C4E138CF8E3C6AF84D0119F224BFB92019C1E7B822F03E552995AED82E738679863E6A796AEA9871A12E19EFB3EEFBE7B51C9ACA7B45
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (46950), with CRLF, LF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):101281
                                                                                                                                                                                                                        Entropy (8bit):5.636683884309766
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:swymCL1KHPUvgs5KkHHfHwFaMV0U2KVuL2YYvXlxtZGqOutUIAunAfe615oss4JK:3C2kiofH6mhSlxXTNyeq04kudJn0
                                                                                                                                                                                                                        MD5:3B23CDC8EF7724C27F76E7B7B15C7431
                                                                                                                                                                                                                        SHA1:3B8F6B209D7A83643E54EC155E0DC749F9CE1DD9
                                                                                                                                                                                                                        SHA-256:6003898EB98D46C82712F300970E7D02E80A53DF717083001CED8F9B845754AB
                                                                                                                                                                                                                        SHA-512:6DF92F8143C7F813B908BB328E543D89437C34C1740E6A53626A32271030B71C217F80F854796AEA228CABEE761316C7F57A222B02532A5C3201C06E5EF724F5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"> [if IE]>.<script type="text/javascript">. window.Aegis = null;// ....</script>.<![endif]--> [if !(IE)]> ><script>if(void 0===Set||"function"!=typeof Set.prototype.keys)var Set=function(){"use strict";var t={"[object Array]":!0,"[object Arguments]":!0,"[object HTMLCollection]":!0,"[object NodeList]":!0},e=Object.prototype.hasOwnProperty,n=Object.prototype.toString;function r(t,n){return e.call(t,n)}var i=Object.defineProperty&&Object.defineProperties;function o(t,e,n,r,o){i?Object.defineProperty(t,e,{enumerable:r,configurable:!1,writable:o,value:n}):t[e]=n}var a=!1;function u(t,e){a=!0,t.size=e,a=!1}function s(e){var r,u,s=0;if(o(this,"baseType","Set",!1,!1),o(this,"_data",{},!1,!0),i?Object.defineProperty(this,"size",{enumerable:!0,c
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1765
                                                                                                                                                                                                                        Entropy (8bit):5.795819911845425
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:48:ImMq1UpXmMzQ3uuQ12axLvXCGFetca3n35Cg3UdPCt:SIlP3Xo7zFmfAI
                                                                                                                                                                                                                        MD5:EED469DA9C7546B4431B5B7FC58D9FEC
                                                                                                                                                                                                                        SHA1:932F075F981D38590775821CD4CC880080EA590D
                                                                                                                                                                                                                        SHA-256:EDF9606BD61D1440BB9B15DE29ACC230380F1C2A194C21D69CF91CB13C499A11
                                                                                                                                                                                                                        SHA-512:0BA912B384E7DE9D6BA388F9FCD54F9BA3E163CF732BF78B413AD4DB7CC17F86783E748EB3599F43639A8057AC5D185D843A42DFD93E6A9D1828BD6BAD5296EA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />..<title>proxy</title>..<script type="text/javascript">..var message=location.hash.substr(1);..var _domain = location.hostname.replace(/ui\.ptlogin2\./i,"").replace("ssl.","");..// document.domain=_domain;..function crossMessage(){..//.if (parent === top) // ........................//..return;...try {....if (parent.parent.pt && parent.parent.pt.login).....parent.parent.pt.login.setQloginState(message);....else.....uistyleCM(message); //...ui style 17 ... xui style 20 ..........} catch (e) {....uistyleCM(message);...}..}..function uistyleCM(message) {...try {....var msg = decodeURIComponent(message);....msg = str2JSON(msg);....switch (msg.action) {.....case 'close':......parent
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:PNG image data, 274 x 697, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10711
                                                                                                                                                                                                                        Entropy (8bit):7.940933220251439
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:eU5yTVfJD9XJY5FFeGyIyRN435n4rewsx/Th9MoPSpL5dx49DcOgfuM6IUL:eU5uf5lJCeZtjk54r4MM9DMmM9K
                                                                                                                                                                                                                        MD5:2F50636FEF990151C4A5807394F1EE3B
                                                                                                                                                                                                                        SHA1:7302F501BF0ABB4EECCFB7CB9EFC09ABB18C3C9A
                                                                                                                                                                                                                        SHA-256:18CAA5D351B724B183BA41CBC8076F6A86D972DF2281A0532861C9DD509E335C
                                                                                                                                                                                                                        SHA-512:51534DBDD010145AC88499882CD3BFFF4A28C0B3E3AF1294DA921D51D2E654F112C8DA45B1B287B9B92CD3CFAB81060D25F96054C7073C1FE3BFCFA72EC63801
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):169192
                                                                                                                                                                                                                        Entropy (8bit):5.674770862466267
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:OxcYMs2Dozqh1KISgSfeAl3zR5gKQkazIIjQdHuik00e5v1ukES1S3gzM:Yzqh1KIlyeAlTfQkqEp5vcZy86M
                                                                                                                                                                                                                        MD5:706B3DAF5CB9E7F198FD91C8CE9D727A
                                                                                                                                                                                                                        SHA1:67FAEAFDE928C6B6D49A157FC1BFBAADE8762233
                                                                                                                                                                                                                        SHA-256:A631E9946BD2DA7E9C3654FCE5C40CA8A2A5DFFBB58B1CE5B783610298E14F70
                                                                                                                                                                                                                        SHA-512:59FBF4FD566029125F2DDCA49133CCD216DA5678AA0E289EC7A1BB0905CE5D8D7F53DB66D27F569E0B8C564A3ADBA914CDD48B13966D1B7BC9F22D726DD5BC25
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:!function(e){var t={};function i(r){if(t[r])return t[r].exports;var a=t[r]={i:r,l:!1,exports:{__esModule: undefined}};return e[r].call(a.exports,a,a.exports,i),a.l=!0,a.exports}i.m=e,i.c=t,i.d=function(e,t,r){i.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},i.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},i.t=function(e,t){if(1&t&&(e=i(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(i.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var a in e)i.d(r,a,function(t){return e[t]}.bind(null,a));return r},i.n=function(e){var t=e&&e.__esModule?function(){return e["default"]}:function(){return e};return i.d(t,"a",t),t},i.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},i.p="",i(i.s=76)}([function(e,t,i){"use strict";var r=this&&this.__createBinding||
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):121
                                                                                                                                                                                                                        Entropy (8bit):4.791827288303831
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:IEGOcFSKP0+qMx3EXFOgJZfMW3QwiNmgEPxgJOL0S8ZJsw:IEGOqR0m3erfnoN01z8fsw
                                                                                                                                                                                                                        MD5:410E0D065899B7A313A1B47FE1D4BB9F
                                                                                                                                                                                                                        SHA1:8C0804B2AE903D7D911F81D08D1400E32D843713
                                                                                                                                                                                                                        SHA-256:B13B979BB0B43E121E91C95174C7A6A08DA54F87A243C096DEC1461557A30BBF
                                                                                                                                                                                                                        SHA-512:E998F720DB8E41EB2A550A853BAD2457151D98C94B08D11990D1EFC50A8D5AE44A8F693996412B3E178CC4614AB7B7137A83DC3FCB13A8239D150074EACBA029
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:body{background-color:#FFF}.qlogin .face .nick,.qlogin_list .return{width:100%}.qlogin .qr_1 .qr_invalid_tips{color:#FFF}
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):81536
                                                                                                                                                                                                                        Entropy (8bit):5.546476223002442
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:TFexcYMs2Dozqh1KISgSLTSKVnZOJs2JuPkd/3o+Io6D8MRygP8NoM0fr:YxcYMs2Dozqh1KISgSfRZOJ7JuPo4DJJ
                                                                                                                                                                                                                        MD5:52071FA2C5A2BF4A7F4A2B6D807A1973
                                                                                                                                                                                                                        SHA1:F77CAF340A6A1A073A6AFA4441D4A573E65B1DD0
                                                                                                                                                                                                                        SHA-256:B76928EFEBA08BBE2D7CCF6DA63B9DE77C633719756F2AA57B7030CF62EEDFC8
                                                                                                                                                                                                                        SHA-512:28981E707F6D0C5EC84EA7157CCA7CB7F8DA1A8118AD0C57AC2FFAFA51A512D6EC888FDDB4369FCBEE9969791B5D68451ECF6D783A3E53E063CE08ED6776CC14
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:!function(e){var t={};function a(i){if(t[i])return t[i].exports;var r=t[i]={i:i,l:!1,exports:{__esModule: undefined}};return e[i].call(r.exports,r,r.exports,a),r.l=!0,r.exports}a.m=e,a.c=t,a.d=function(e,t,i){a.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:i})},a.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},a.t=function(e,t){if(1&t&&(e=a(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var i=Object.create(null);if(a.r(i),Object.defineProperty(i,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)a.d(i,r,function(t){return e[t]}.bind(null,r));return i},a.n=function(e){var t=e&&e.__esModule?function(){return e["default"]}:function(){return e};return a.d(t,"a",t),t},a.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},a.p="",a(a.s=17)}([function(e,t,a){"use strict";var i=this&&this.__createBinding||
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (65304), with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):213026
                                                                                                                                                                                                                        Entropy (8bit):5.537325609129562
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:Rd0cfE25AHGqxep7a8TwYgoe27IbWhNW1jRiE7CzfHe6fHkexC:v0l2Smqgp7a2Re2d8wfHe6fHPxC
                                                                                                                                                                                                                        MD5:8A50869763C7BB96E157B849E9469367
                                                                                                                                                                                                                        SHA1:9EFC7FBC712D178F89680AA945ACFF01C184351F
                                                                                                                                                                                                                        SHA-256:A540989B9F9BEF8B4763C2B0052515E0897817B7013A05DEE755C7517867217B
                                                                                                                                                                                                                        SHA-512:B5E0C91C26B6C02F1FE9C43DAD52B27041B4FF9A6F22FFB2D99A0A1AB63C733FBCD670699ECCA8A3665ED6A18C2800243FEA250EB3073E9A871D48B98F0349F0
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:!function(n){var o={};function i(t){if(o[t])return o[t].exports;var e=o[t]={"i":t,"l":!1,"exports":{}};return n[t].call(e.exports,e,e.exports,i),e.l=!0,e.exports}i.m=n,i.c=o,i.d=function(t,e,n){i.o(t,e)||Object.defineProperty(t,e,{"enumerable":!0,"get":n})},i.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{"value":"Module"}),Object.defineProperty(t,"__esModule",{"value":!0})},i.t=function(e,t){if(1&t&&(e=i(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(i.r(n),Object.defineProperty(n,"default",{"enumerable":!0,"value":e}),2&t&&"string"!=typeof e)for(var o in e)i.d(n,o,function(t){return e[t]}.bind(null,o));return n},i.n=function(t){var e=t&&t.__esModule?function(){return t["default"]}:function(){return t};return i.d(e,"a",e),e},i.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},i.p="",i(i.s=51)}([function(t,e){var n=function(){return this}();try{n=n||new Functio
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:PNG image data, 12 x 13, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1190
                                                                                                                                                                                                                        Entropy (8bit):6.3211509477290635
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24:lq1hfvWwjx82lY2T3JVrK3aTEyJ3VryvudGhfC30sc:iANn2NI3U3J382dC1
                                                                                                                                                                                                                        MD5:EF8CE42602EAAE0DC7AA5C4685608AB2
                                                                                                                                                                                                                        SHA1:0107D051C7013FB305E8B15FF1C7E5DC7791F54F
                                                                                                                                                                                                                        SHA-256:B1622211265E90B44352AF19B79769110166A39C7AC95877C534644A9992B500
                                                                                                                                                                                                                        SHA-512:7BFA66FE0596504876735EC1A17B28EE11EFBB67CD37228C128610F1440D61B941DE70893AB43D1BB6C2524B4E662E159BB5C45B756568C59F38F08461F51850
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:.PNG........IHDR................p....gAMA......a.....sRGB........&iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Windows)" xmpMM:InstanceID="xmp.iid:845AFFF90FB411E792B09BE08095878B" xmpMM:DocumentID="xmp.did:845AFFFA0FB411E792B09BE08095878B"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:845AFFF70FB411E792B09BE08095878B" stRef:documentID="xmp.did:845AFFF80FB411E792B09BE08095878B"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>hq.%....tEXtSoftware.Adobe ImageReadyq.e<...QPLTELiq.r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r..r.
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File Type:PNG image data, 160 x 198, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4223
                                                                                                                                                                                                                        Entropy (8bit):7.929446654983989
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:XP6gxN98qtR+0Nv8yyYmnxUZkz4eqP5I8ri+iJ/sUDJbRbkaXwWCmnAgE5o:/6gFW0NvWx4DPVnFUDn9CmnAgE5o
                                                                                                                                                                                                                        MD5:532842B0C8F56610E2A777DEB0FC29CE
                                                                                                                                                                                                                        SHA1:E7DF1F837924EB3104E51BFBAB139EA1457C8E20
                                                                                                                                                                                                                        SHA-256:AECB41E092444F6DDF215740E6E147C5C442D3CD766DF6644112708308CE84A5
                                                                                                                                                                                                                        SHA-512:9ACED847C666BCF02DFD2515D4D4BE3A54BF0938F46DDF701093B948020F3F218A36AC443EA589BDA62E6D1258CA54A7A036110B78E7AF08696DBA241D4879F5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):59873
                                                                                                                                                                                                                        Entropy (8bit):7.975051851127102
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:RsP+dBO2mkqldbtMDjJkoyfiP8HMJE43RVRTvlkLwTXuL55WBU5W6EL3IDQfCWSr:emdBHmFlJtsafpH5wRLGqud8h87Lk4
                                                                                                                                                                                                                        MD5:CA542FDC551D6A47773C942ABA49E1EF
                                                                                                                                                                                                                        SHA1:C5E4AD7B86B6FF99AC8ACB6CA5AFE1DB3014040C
                                                                                                                                                                                                                        SHA-256:7230FF37FA7BF159A3A483EDEE96D61C533D6EB3299FEFB7277B1BE4CD7C850B
                                                                                                                                                                                                                        SHA-512:4D57930AF3A1C5D9FD3BC1B86BEB14CC553697E37A45AFB1C4D5C59B1F3A4420E7114DCA138F7D76377030F526D6BB30470551F3D33125CDA5C24C839587CDD9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999487081712327
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:kLvxbqEY1Dzjp++brB+fK+G7hrKzlYbYoMzWuGxUjERAiNZUNRaN6z:U5O31FbrQfqDbY1WkjQN6uS
                                                                                                                                                                                                                        MD5:ED6BF612F047790A8E4838903C179F54
                                                                                                                                                                                                                        SHA1:6033249865E95C444D0B5F957E5ACA9568CC1BB1
                                                                                                                                                                                                                        SHA-256:51C8343756E78C27DDD9D399EC8BFAF85A4EF47694F294CACEE4BB8B68300197
                                                                                                                                                                                                                        SHA-512:AF724650E0EA9E38F0265E2A0AB77EC1EF137508EC7EBDC4D4B2D10B6875FB78564D7EBCE940FE401421E9B537B6FC64C777A5E6257FE94566B09185F2473207
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:6
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 121 x 121, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10520
                                                                                                                                                                                                                        Entropy (8bit):7.97949289515813
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:IXYAmWhoq9Ff8KcQyKwOuV+litV+z/27VBtIV3menRaG7xRsfjxaB:IXSYrf8PNx+oUj27VExmenBxR3
                                                                                                                                                                                                                        MD5:596E73982012010E6A3972C0E0D848C1
                                                                                                                                                                                                                        SHA1:BC655FC79E3781E7C68C46C1645B198E2797FFF8
                                                                                                                                                                                                                        SHA-256:13EB64C2097B21543E4B0632D529E695853A90BEB7FD8DD2429A3522F1DA8F61
                                                                                                                                                                                                                        SHA-512:689E9B6B0DC67AC978B940525B803769C9EF70DC4691E3B110DBD98D5874C4E2EE33170F5C85DCAA716B9A3214869575B6D99E9854036FCEBD578F537FEE5CAF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 858 x 1641, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):117721
                                                                                                                                                                                                                        Entropy (8bit):7.965154745681065
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:J6m6P6H3gOrkFaZheof0M7kDEwhGspPmHF6DCedis:J6tIMYsg0swEw0sm6DHn
                                                                                                                                                                                                                        MD5:6BC4F626D92473A6F5821D1AEFFC47FA
                                                                                                                                                                                                                        SHA1:1DB17B733C8A4214D7576B2320C6CC8203D67F90
                                                                                                                                                                                                                        SHA-256:9CA684547941EC1CE7A6BEDD9A704D000731B467B7C0C0B814A0DFCB469BB21E
                                                                                                                                                                                                                        SHA-512:8FEA481F8292D279C05AA5DC8049C4423C2B2E4904C330B612E92F4F7CCF789E5A5411A36CE3E352B3C17F10C4EA8E647678744CB10A010548831D33564D637C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 330 x 330, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):15463
                                                                                                                                                                                                                        Entropy (8bit):7.960717688850482
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:IVvwNlQ7OjzqKWBQzfRYJaS3n+GiP4IEJ8J7:Ipk2qX3z+JaYn5iP7Ee
                                                                                                                                                                                                                        MD5:05A71DBBA3D4953A14985CA4F13FC508
                                                                                                                                                                                                                        SHA1:8335DD71FD30EF3DB08D1B2AEE9EAAB0DE35DDCA
                                                                                                                                                                                                                        SHA-256:614584147BBAA7503AA7C73A769E5BC00119555104C0571236666458AD49C348
                                                                                                                                                                                                                        SHA-512:6A77578704609DAA537B6FBA071A6B92B025E1731322A4288D528978C091540159E7E804DFA2B6F5D858E1A08D478D174EDB710EAEFDB98EDB3F97FB9D45FF00
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-14.6ebef64d.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 288 x 288, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):10792
                                                                                                                                                                                                                        Entropy (8bit):7.928512726156912
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:hhbDB4gaxuT19SSZXbMyqx0kXFrtduepb1MI1w8M3Y9eNFUUyozDnkAQ3vU:7fB4gaxuXS0XbMyS0EdPpdM3FFmkDk18
                                                                                                                                                                                                                        MD5:85632BDF7020DF4019A08F5DE56B7BE4
                                                                                                                                                                                                                        SHA1:247E066BB8367E6750725693BE345553D4DD5E91
                                                                                                                                                                                                                        SHA-256:145D5C4071C5D749832B4568A0B8F688897F2ABB80A0B10BF0351F919B07F04C
                                                                                                                                                                                                                        SHA-512:4EB48499EDA7319A6885E7EAAE888C043DB909E0DA25C15FB9B01C5D85B7E9FDB926E9B16EE882B9E454CB0DE21EE0CD9EF181028ACC74B81516EC9653ED48F1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-3.2b846208.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):181293
                                                                                                                                                                                                                        Entropy (8bit):7.987444042817545
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:a2aab2VmV5SPsWvwafEk8sdTn7KM/8mYol/UaWEXSUM0gRRnuZfETo4A+Mzq2qz0:aFa6V+Wvbckd7sR2ZLXSagPnuOMzq23/
                                                                                                                                                                                                                        MD5:06E40876E3D85A102B955A1BCE327E7F
                                                                                                                                                                                                                        SHA1:EC09F1F5612C2B09C6C6AD37EDCF7D1CDFAF220F
                                                                                                                                                                                                                        SHA-256:2534CE591FC99AEFDCD189315B494C9BE4D464AEAB2B957E03A092B7F6FCD82F
                                                                                                                                                                                                                        SHA-512:3D0911C85AEDFE54EE3FF0447EBA8959393A146C11C29DEC443F27F98083C2E5EB2F680C3BA978604625ABC3D403FEB296C63EC496B91E0246054191CDA1036A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):35683
                                                                                                                                                                                                                        Entropy (8bit):7.955053490136009
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:YSktyF96W/Ed5UVnIYyDM6Hdy3EUNMwb+Xte/V8W3rO:BJF96/iI3DrDNwqXEbO
                                                                                                                                                                                                                        MD5:583975B4342FD718871603AA4D228980
                                                                                                                                                                                                                        SHA1:7E43257C86651A17D4EBDE6527B730B676196B39
                                                                                                                                                                                                                        SHA-256:876A311EEF77C10933A7E93DA9007811A824DF220BDABDD3F7AB451455F3C2B3
                                                                                                                                                                                                                        SHA-512:3CB04559444EFECCECB45CBCBF5BA8F2F2B4851A570501F1E1D74CBA9D7C427382A56FFE2C6C23E3A5949059850473035238E3EFD89E92F5B7ED35F96E18A0B4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 287 x 287, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):11943
                                                                                                                                                                                                                        Entropy (8bit):7.921713463674599
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:4t5RVBMRoRG5ectnEGZUXMrE97R2DV1qBWMO/a1K8JMVkQd6gfL0SuruPFQGCraZ:4jRfctnfCEK7R+0IMAuK8J4kQdFfL0Sx
                                                                                                                                                                                                                        MD5:11C7371BF2336B5292AEDF41CAF163D7
                                                                                                                                                                                                                        SHA1:9778B47F333A85B086A9A698241670CBB984A50B
                                                                                                                                                                                                                        SHA-256:42259CEA0D1FC6BB23FB76D840A68E856B255C01AC3E6A12DB4DEB889F973AA3
                                                                                                                                                                                                                        SHA-512:4A48ADE9DF5B2B5C0A43C57877318FF3AB3B145E299BBFAA032372D62C2B3D3F2F7D91088A96FB18D5284C20739A1C6F4F10E38D529659B96FDE88D91410A59E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (884), with no line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):884
                                                                                                                                                                                                                        Entropy (8bit):4.796720197895307
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12:gE5FxToDNhWh2YvWDEV5eX3sFnahExsc8ppVVuk+uXkiM5RnX6fhZeVdH5R8Vd:zfTycRrens0I8p5FM0hg7Qd
                                                                                                                                                                                                                        MD5:C9C32C67140933F154457F782EFE24C6
                                                                                                                                                                                                                        SHA1:FA94430BA284ADD795009284CD363E75D124AE6C
                                                                                                                                                                                                                        SHA-256:9FC14B0D31D1DECF276CCD3B926A2BD3FFB6C7A8C019B7F7491F5567CB429D85
                                                                                                                                                                                                                        SHA-512:52C0D465F099A603B9C10076FB789DB8B06CC185FF3FF3042D2B4A2B8D4FB684538461AEC66B9E055EB228F24AF2C6D6528250D0080EDDA2CFA165EDD7ED0318
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/chunk-vendors.120b3a4b.css
                                                                                                                                                                                                                        Preview:a,address,b,blockquote,body,div,em,fieldset,form,h1,h2,h3,h4,h5,h6,html,i,iframe,img,label,legend,li,ol,p,s,span,table,tbody,td,tfoot,th,thead,tr,ul{margin:0;padding:0;border:0;font-weight:inherit;font-style:inherit;font-size:100%;font-family:-apple-system,sans-serif}ol,ul{list-style:none}a img{border:none;vertical-align:top}a{text-decoration:none}button{overflow:visible;padding:0;margin:0;border:0 none;background-color:transparent;font-family:inherit}button::-moz-focus-inner{padding:0}input,textarea{background:none;padding:0;border-radius:0;-webkit-appearance:none;font-family:inherit}input[type=password]{-webkit-text-security:disc}button:focus,input:focus,textarea:focus{outline:none}body{word-wrap:break-word}*{-webkit-tap-highlight-color:rgba(0,0,0,0)}.hybrid{-webkit-user-select:none;-moz-user-select:none;user-select:none}.hybrid a,.hybrid img{-webkit-touch-callout:none}
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 324 x 301, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9900
                                                                                                                                                                                                                        Entropy (8bit):7.934188853857167
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:iXQaYKgrIxLoLg80C12RERhu8lRtLJbl+XdopI09PpztnWQfXUBf/ILSJfflE0X5:Et8rS80RR0u8jpHLtnbvxLIa0j9
                                                                                                                                                                                                                        MD5:1DFE40576C21EC613CC401CE31DF6F8B
                                                                                                                                                                                                                        SHA1:9C5A65C4BAB90F6B4D70F419B3462AC6945B85E3
                                                                                                                                                                                                                        SHA-256:C2E7A0CBFF662D0692901ED08AA7EAD12D8E8F8556831A32E9EF42038ECEFFE8
                                                                                                                                                                                                                        SHA-512:32D9D4328FCAC3097FE0EFA2D81BCA932E2677DF3F220785FA8F695838B2C436E9C4EFC52F72FD60ED21FE754845607F9361B71A0261A682187CC4CA62AABEC9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):64325
                                                                                                                                                                                                                        Entropy (8bit):7.967705821097859
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:zCw6Rco5a8qKG9WzlHCpyKfl301dtsb7/y:zMRL5HqNkCpFd5K
                                                                                                                                                                                                                        MD5:83D60FE0C5E9BD5838C3A173FA42E93F
                                                                                                                                                                                                                        SHA1:8828F2A8234DCEBFD7437D1534FF418519FA5B7D
                                                                                                                                                                                                                        SHA-256:320783C41ED98540738C723B56B4A048D0D33B7D7DA37C03CE9833D81E898801
                                                                                                                                                                                                                        SHA-512:DF601DEF87E690E8F64E21874D7E9F83D238AE51FCC8C0ACD8A75D971C6F98B6EEAC65564977758DA158FD9B3ABE6EF23C4546F29403BA3C107C632238FEA91E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 644 x 1394, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):500143
                                                                                                                                                                                                                        Entropy (8bit):7.997463471995346
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:12288:wM/RXIaQptkpRnquUoIGaezl75XXt/cBNVPBwaR:wOIqHQVC7pXtUdZL
                                                                                                                                                                                                                        MD5:C99A57EDF453AD280BE2101ADFF1A8F4
                                                                                                                                                                                                                        SHA1:550A742C9D7856DB62CFCCDECB43DCACE7D758EB
                                                                                                                                                                                                                        SHA-256:87ADA15169D408E2AC3F82E6AA8B5C337398AFDBC6619E8409B40C2CA17CFD46
                                                                                                                                                                                                                        SHA-512:F148866610B2BCFA805544AE9EA2E54B0DD3323AA89DBD913AB4019B5862564A6C2159ED464BDB7B6A454134A407B39543A905331E55806AA884282950D9DCED
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/user-profile.a6a93e4d.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 288 x 288, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10792
                                                                                                                                                                                                                        Entropy (8bit):7.928512726156912
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:hhbDB4gaxuT19SSZXbMyqx0kXFrtduepb1MI1w8M3Y9eNFUUyozDnkAQ3vU:7fB4gaxuXS0XbMyS0EdPpdM3FFmkDk18
                                                                                                                                                                                                                        MD5:85632BDF7020DF4019A08F5DE56B7BE4
                                                                                                                                                                                                                        SHA1:247E066BB8367E6750725693BE345553D4DD5E91
                                                                                                                                                                                                                        SHA-256:145D5C4071C5D749832B4568A0B8F688897F2ABB80A0B10BF0351F919B07F04C
                                                                                                                                                                                                                        SHA-512:4EB48499EDA7319A6885E7EAAE888C043DB909E0DA25C15FB9B01C5D85B7E9FDB926E9B16EE882B9E454CB0DE21EE0CD9EF181028ACC74B81516EC9653ED48F1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999665450646417
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:GQdBM7DkTxhSANXFd9hls+35aN8jqNTYDNsJ0ty96hDi:VonkTxhSANXF/hl/5xqKDNsCyUNi
                                                                                                                                                                                                                        MD5:625A20F4620CC2DF50ADA562E68DBAF5
                                                                                                                                                                                                                        SHA1:16C9BE28CCC6741E20817FA2AC4A3D6D167995AC
                                                                                                                                                                                                                        SHA-256:4E36A74AF6448BDBAF5812DBBFD5951CFC50274C7E6B7DFD9A943013D68BD0B4
                                                                                                                                                                                                                        SHA-512:7B4D25197691957EFE7CBF56B10E2A4CA54E693B391E046D7348FB541775125B78750654CCE5B9CFB95872583B2C88B04B02009E06920BAE0BE14DE73B343A91
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:a
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 201 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):9918
                                                                                                                                                                                                                        Entropy (8bit):7.962775403040729
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:yDjwcupsSrn2B+S3PaZRVJce/Mb6FvQ9zVP5hHM1jAQ:A6Fm+rZ2kwumpP5hHM1EQ
                                                                                                                                                                                                                        MD5:F69698E47D99D8CEBC84D7CD529904F1
                                                                                                                                                                                                                        SHA1:74BFC9525829B58B49C67B4262229EA589F33994
                                                                                                                                                                                                                        SHA-256:8420A3DDF47F8EFCBDCC0A483B2CB8C949E02EB99930AB1F15755485C0EDE91C
                                                                                                                                                                                                                        SHA-512:34333AA0961E858B50EBFC67EAC10EFCA1347901F5524D85D05BDD97B2E6BB822FF9D7367A0BB8AC6BE1FB0B105B44D3218EED90293AB285362BA4D48E4236FE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-8.492bed09.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 1570 x 1235, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):199208
                                                                                                                                                                                                                        Entropy (8bit):7.949718808846237
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:4CthhIhWl9r9cvgKicJH4ptsidifbavD1WZSycptum71/RkZxTQVSzaMbiaU:zthPRBk2TEf2L1Hyutjixc6aMY
                                                                                                                                                                                                                        MD5:98E298488EA8B5C55A4A16734393D65E
                                                                                                                                                                                                                        SHA1:9024EA8F496CD2AD0EA1555A0EFA908F02BEA544
                                                                                                                                                                                                                        SHA-256:5510987BB85305D341050282B4093B29BDB440A1DE11C976D52A2EDB668617F9
                                                                                                                                                                                                                        SHA-512:07CFAEB80F404E4281B1AECCC90A648F282D9381636A61E80C689F3CF8173381402FB1D926E4E94BC917B6833F3462539E8C9D47D7BB05D5E5877907FC239F18
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/page-3.88e518ac.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 248, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):57081
                                                                                                                                                                                                                        Entropy (8bit):7.985896019418537
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:edxFhMvVUhpos+XmSr05cvlHrezI+CIlhnZUDh:dVUhuj/0uycKNZmh
                                                                                                                                                                                                                        MD5:1E7C5EADB5E51E5F94DAF988419923DD
                                                                                                                                                                                                                        SHA1:A4C0FB87B0AA1B1C9D7944C2B5855BCD3ACE5F8C
                                                                                                                                                                                                                        SHA-256:25839FB3D654A4D8ECE9223531E4B8BF9DB30A125038E3D5F0F737D9CA3D0E3B
                                                                                                                                                                                                                        SHA-512:9CE5E57AAAFDEA324575A96D4FE8BBCF5A935F0CD2721374A814FB345033FFCF87CAD8FE698D59ACDC97E3FE0661B49962E54953BD47D7B98B7C2EE737F33AE9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-2.bb8e2315.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 627 x 1356, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):73157
                                                                                                                                                                                                                        Entropy (8bit):7.982897369993432
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:ZVdrqf5fw1w5hPYHZYVBwJB+eok/PQk3P3dsDhWFTuV2ohO:dMSWhPYkwJ0NoQk/3dahGus+O
                                                                                                                                                                                                                        MD5:3D2EC3CAD68BA80F42BD7FCFAD6628DB
                                                                                                                                                                                                                        SHA1:46404455CECBAE1AD6DC512B516A1E3F2395F023
                                                                                                                                                                                                                        SHA-256:443957598B75DAAD3A309B891A9C0A53DEFCE21D4B0C8AC9AB42D6E03009EC51
                                                                                                                                                                                                                        SHA-512:37BD42C05BF8DD32904B0262760A176A6CF524235EA4ABAF2078F2719C3E81A0B468006BB9097061D3B4637F97FC18EDECEEA8B5028176BD704DDAFF962FECE8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/phone.55b5179d.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 6410 x 1040, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):458472
                                                                                                                                                                                                                        Entropy (8bit):7.907759234052355
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:q6ekpbHldleM4XwMxMXV1V3irLm+xAVr6xhFUDe2D8SFUeOsSEiYzCQvhLB1zR:q6/bFCNXGyr65Ve2Deu8SRSvCCQdB5R
                                                                                                                                                                                                                        MD5:E401FD858AC3FC57E1A2AFF07709E145
                                                                                                                                                                                                                        SHA1:76AD3FC50BC33DA72BAAD02908A6BB570BE3735A
                                                                                                                                                                                                                        SHA-256:A97F46B492FAA4048454C01F323B19652C54EC9CC4F3BB4A908F180487A84897
                                                                                                                                                                                                                        SHA-512:0ECFE22F481A000A096F7D6EAF5AC651BF20B383BE51F7BF5040CBF9C25A9D7852F76EB281815AEE02094A7AF8B7515753BCD76BF9FD42A0203C58B34E632524
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 82 x 900, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):4121
                                                                                                                                                                                                                        Entropy (8bit):7.859900132218484
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:OZ2KKHDX6KfKSJNgLoot/tCUcWnL+aRGLJDD:8Kj9CegjJtC5WnqiGZ
                                                                                                                                                                                                                        MD5:A13B4636ED3593819041FC602DF9ED5C
                                                                                                                                                                                                                        SHA1:2433529C29FAFDAFA32FCA89B813C9E4BFF69F57
                                                                                                                                                                                                                        SHA-256:F35E49E254355130D7042EE1434FAD1DB7D6304264E5F31412CCFFAFCCAD6BE3
                                                                                                                                                                                                                        SHA-512:6D13C10CA6A4EBC8A8E611BF987DFA0E0BE305BDBE1C083F84069D2B69DEFAFECF6242AD9A29945759326490329047ED126827ADE703804AF912AEF461BD9851
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://vm.gtimg.cn/tencentvideo/txp/style/img/loading.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 863 x 1584, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1168126
                                                                                                                                                                                                                        Entropy (8bit):7.991501408732424
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/page-2.f6af1bfb.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 374 x 374, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16911
                                                                                                                                                                                                                        Entropy (8bit):7.934373703337371
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 288 x 288, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):20188
                                                                                                                                                                                                                        Entropy (8bit):7.96819634126776
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-1.b1b04c2f.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):40507
                                                                                                                                                                                                                        Entropy (8bit):7.961167183634244
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 688 x 934, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):94725
                                                                                                                                                                                                                        Entropy (8bit):7.9541927351780926
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):78041
                                                                                                                                                                                                                        Entropy (8bit):7.994232648382918
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 868 x 1592, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):186062
                                                                                                                                                                                                                        Entropy (8bit):7.976052427970381
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/page-1.9d39f9ad.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):40692
                                                                                                                                                                                                                        Entropy (8bit):7.9933925282665985
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:768:xAsCfydVtG1MmhJwT9T2R1FeFHmEqQhqV88lLC54PxoxYN4TXHkhEEbbjzn9Ahtb:WoVk3DwV2R1F1whqVRdB8aUXEhzrjGhd
                                                                                                                                                                                                                        MD5:2B17D75B6D85869E08D91FA63AD3A8C2
                                                                                                                                                                                                                        SHA1:617D92A3E95A5716CC29B763629144B24F75A157
                                                                                                                                                                                                                        SHA-256:3B4CE80D4FCA4E3CBD53508F037E623F43C1BBE823EDEA2EFBCE052BFAB8F4EB
                                                                                                                                                                                                                        SHA-512:27DA2CE5E613CB8C53148E7CB898E7EDE8FB4955EF3D84716A1F99CF6F0A86D22045ACB195BAF6DEEC7EB1CF0538D0900D1518D69FAC463012EAE709453E4A0C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 537, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):81200
                                                                                                                                                                                                                        Entropy (8bit):7.967787281945485
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:ymecUzyL/bOg1mo75pToXnb4Iaks5WEQrOL2OP9oUgTs46o4:ymecUzGSg0oIIJQmP9ATs469
                                                                                                                                                                                                                        MD5:09E326456A0BE10523FF5DE020282745
                                                                                                                                                                                                                        SHA1:58CA5B81684C13BCCE4CF9FCCE40F5DF7993EF64
                                                                                                                                                                                                                        SHA-256:11B17AB71623BAD8C73AC2D714F09A517DA83A57C47D7AD1CA191814D17C8FE1
                                                                                                                                                                                                                        SHA-512:CB4F28659B515D6C7DF3596CE4E5AAB518B24F9445DAC89A9381515955D6764DF6B52DE4D5DB53BFD63AF947EC2547CDABB50E8BA85BAC08517B973A235F16EE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 121 x 121, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):8572
                                                                                                                                                                                                                        Entropy (8bit):7.961319566836723
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:5tLPUKXcqURgyabfPPh17y7zef/UUQ/62yphvwKNayVVrkkXqeX+w:nIKqRgpb3Ph17y7z/P/ypmKNa4ZkkXqM
                                                                                                                                                                                                                        MD5:7941843909C59494F533B7D9A78E36F7
                                                                                                                                                                                                                        SHA1:A325976F99A1EE4EAE8070E8BD6619B5B7961076
                                                                                                                                                                                                                        SHA-256:C91EF947A92830BBC926507D00486B5A45122F87796FE5E3D2849E77FBDBAA09
                                                                                                                                                                                                                        SHA-512:BFBD0EAE0CFFC5F5F656E976BD1E376C633E720903DF20DEA1D25767053E8AB3CE30C60A04F86C2667DF454F907CCC2FD9DC9C4059D0E9F37544347F731F8723
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 795 x 1537, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):542510
                                                                                                                                                                                                                        Entropy (8bit):7.982870793616109
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:ghWGsIHttizdlq40Q1XUVAAo0B+EmJK6HOiQN8PtJOx6GFiEe:g5tqXyG0B+LI4ntUFch
                                                                                                                                                                                                                        MD5:01F2EF8C6EAD93573EF6B0F02174B65A
                                                                                                                                                                                                                        SHA1:D96ABFC9DAE3353B67C1F442865577B14C950B4C
                                                                                                                                                                                                                        SHA-256:52E9890D61E298CE3E7A68E22A7A22719AD34CDB590B60EAD170281CD9D39948
                                                                                                                                                                                                                        SHA-512:5351C8BDD1F46636C49A2A08A08720C33B878B233E7C7328EB8F9BC038B3280D3E58A4A65BBD740DA06F6707DFFD91E0D6D59BF297367BA148D63ADED37C4C6E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):80
                                                                                                                                                                                                                        Entropy (8bit):4.531198332810094
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:mSfeSHeSHI2A2KtkR12KvmCGG5Z:mSfVVd3VQfFwZ
                                                                                                                                                                                                                        MD5:F3D441D0F20CD2706207DF135E0DA94F
                                                                                                                                                                                                                        SHA1:3BFBD9D92603543EAC2C0350169A1E1A768AD332
                                                                                                                                                                                                                        SHA-256:AC4108B4E0F0B67C7FE1989AD652C3E3958C6AB93E4AB643AB4DC18BF587AA3A
                                                                                                                                                                                                                        SHA-512:9C68064E8C5E75B5A2C13DCE4DAA9E94DA4F95D274EF59DED2A5D75BF0468A491DE754FE6213C35A4F2C5D18686108E6027E53EAED8C9FAE6FBB16740DCDEDE9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSHgmr-FMc7cF-YBIFDQbtu_8SBQ0G7bv_EgUNBu27_xIXCa9pZ80y5irREgUNBu27_xIFDQbtu_8SEAn9dg8S3dslBhIFDQbtu_8=?alt=proto
                                                                                                                                                                                                                        Preview:ChsKBw0G7bv/GgAKBw0G7bv/GgAKBw0G7bv/GgAKEgoHDQbtu/8aAAoHDQbtu/8aAAoJCgcNBu27/xoA
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):491032
                                                                                                                                                                                                                        Entropy (8bit):7.91611589130438
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:NJJS1PJ8HL7n3QXKCtrQaAm39OC0QQ/9bF1Hl2ClcK:rJS1yHn3QaCtrQBCE9bF1sOT
                                                                                                                                                                                                                        MD5:A1C1D4603A351AAE10CD86AA92FF3EB2
                                                                                                                                                                                                                        SHA1:A266E3125587AB96B78E09BE59AA8CE31410D91E
                                                                                                                                                                                                                        SHA-256:ED2C36A84C71C97FAF4BCE41C544504B2F718EAE41061310F78334407F495E69
                                                                                                                                                                                                                        SHA-512:1B13C6078D423D9A9D31142DB7CCFD45774D89BB20CB43B78F137BBB22946B5676A879A08903370BD111CC0CE47E03047FC6C367EA25D9B99CFE4EABD5321001
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9_1080.mp4:2f7012f3ba1a96:0
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 6410 x 1040, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):458472
                                                                                                                                                                                                                        Entropy (8bit):7.907759234052355
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:q6ekpbHldleM4XwMxMXV1V3irLm+xAVr6xhFUDe2D8SFUeOsSEiYzCQvhLB1zR:q6/bFCNXGyr65Ve2Deu8SRSvCCQdB5R
                                                                                                                                                                                                                        MD5:E401FD858AC3FC57E1A2AFF07709E145
                                                                                                                                                                                                                        SHA1:76AD3FC50BC33DA72BAAD02908A6BB570BE3735A
                                                                                                                                                                                                                        SHA-256:A97F46B492FAA4048454C01F323B19652C54EC9CC4F3BB4A908F180487A84897
                                                                                                                                                                                                                        SHA-512:0ECFE22F481A000A096F7D6EAF5AC651BF20B383BE51F7BF5040CBF9C25A9D7852F76EB281815AEE02094A7AF8B7515753BCD76BF9FD42A0203C58B34E632524
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/preview-all.ad0b1649.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 113 x 111, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):15596
                                                                                                                                                                                                                        Entropy (8bit):7.9763092156654105
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:VmgxeuEZVy3nfBsKu4dgFIvUaMUUaLEI1uUKG:VjoVyJAmgW8IEWunG
                                                                                                                                                                                                                        MD5:405EFA58AADC182793EE0EFEC2D849C7
                                                                                                                                                                                                                        SHA1:B4EC2780644B2C5498FADC39126CE2FB5306DE89
                                                                                                                                                                                                                        SHA-256:91264AEC36D0386073531F5D5F4A135FFB4AC2BEC2FE45E2DFD0A495A0B08DBC
                                                                                                                                                                                                                        SHA-512:102A3C3218A80994700EFBACEDAFB7F636CFAC6E5035AFD5DA3B16CA8DC16BE8A0F30805F8D001D4ECB34B2C24EDFC14F23CBF2F0F5C8AC34CA35D056D18E5EA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-5.8836fb89.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 1272 x 967, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):200887
                                                                                                                                                                                                                        Entropy (8bit):7.978433783839488
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:xvm/YA+XXWKJqC4E33iTG/RVDoqjKuH02eF2:o/WXWTEHiTG/RVDFjKu9e8
                                                                                                                                                                                                                        MD5:EDBAB82D8BA30C28D104494FC12827F7
                                                                                                                                                                                                                        SHA1:2BAA1832A50962487FA6A974ED034367E0A655A3
                                                                                                                                                                                                                        SHA-256:73B55664C9A77FD8495A153D5801CAE0791708E2506345E792A776E81685936F
                                                                                                                                                                                                                        SHA-512:643419F0D12469272EB4EAB76A539127F7FEB63F5D75B2D04E3D624885AE7A3701559E8CAA7A0CD0CC835D6E9BB4E8F0C252A52BC3E444344D77B0C88F842E38
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/page-1.5a6a85fe.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 208 x 208, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):8337
                                                                                                                                                                                                                        Entropy (8bit):7.922684154713854
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:5ADPa0oXZ6jkudR2KsmA+FHbzfqCTrvvaY+E9tcPxsr2VMn:52azpUj2Km+KCTrvvaPE9tESn
                                                                                                                                                                                                                        MD5:FBE6B924EAB40D73B0E3F142E6601562
                                                                                                                                                                                                                        SHA1:1582C7A664D5A0CB42A8C767C21617C4482AF40C
                                                                                                                                                                                                                        SHA-256:FCBBC36CE022D677E4BFC53A6E1CB0CCF287154A4727D77F5F27EF4C6A820A9D
                                                                                                                                                                                                                        SHA-512:2BA1C9AD6FC30C5A844119B6FC682D9FB94A240F095F480D8706DB35453B84E73FC5E0B3B5B788F7F6A29E3FE6775882BB04F6E4A0C7CEE283AEF6B4792B6F25
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):34850
                                                                                                                                                                                                                        Entropy (8bit):7.97508088854308
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:08UOOsZBoSdrXgf/mz+KOGesdq3xNeBG5GUEB4r:iO7oSC/mCbI+HoINCy
                                                                                                                                                                                                                        MD5:39E35891E9266850A457CB7B868C3760
                                                                                                                                                                                                                        SHA1:562C2FAA7DD1DF7D34DF09146E2058A5F8CFED6B
                                                                                                                                                                                                                        SHA-256:3768E6BCAD89790FD98B0E234AB256DFDA9654646060D672A8686207494DF7B2
                                                                                                                                                                                                                        SHA-512:6C0640E08525989DD15F07282474002A806C8AFACBFE7888E40FB876C7179CD6025D90B9781DD966CCACDE16FB1774E1F1A99652BADAAF68C2F69C996E6F1548
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):55620
                                                                                                                                                                                                                        Entropy (8bit):7.974861509667521
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:3lkPULDSHgd2kbXfYzmBG4TFvRSRFpFC/Qixz2CFTYQVudXBCz0gSTHLKCDigKgX:KrMjfdxzSO/QqJrurA0tL3Digfs6E0
                                                                                                                                                                                                                        MD5:798149665DD41BEBFA1A29B345D8A887
                                                                                                                                                                                                                        SHA1:6C36919B12772F406A1E461ECFAF5EA8B208B18C
                                                                                                                                                                                                                        SHA-256:3E9BABE314BE382C18E2E5C1D4E0914475AAFA0712717A8722181521647672D8
                                                                                                                                                                                                                        SHA-512:D9C38A4811EA78BAF6838F423638E1547EAF42B3D9403F71B4E3D2F0C715397043AD902F51B931A992531ED77DEBEDCC1548D1D9A4FA5EAD2D8EC09CDF6E6E34
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 323 x 108, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14758
                                                                                                                                                                                                                        Entropy (8bit):7.977532405504438
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:gnEPGtlyJPY1ujvePNBsUyBBsLmd3IPr4WVfK0zR4lgG/8b9dQ24Sd/A450tyCdS:gnSGtwWQSVqemdQq094lKptCjQ
                                                                                                                                                                                                                        MD5:1C27C52714AF312A8698B26AC8615E25
                                                                                                                                                                                                                        SHA1:762F8ED472CCB3C7BDDEEC0BB61A29D262F33CC4
                                                                                                                                                                                                                        SHA-256:3B12CF3572945F32D7CFF79A0DCE732A78F0527BFC1B86AF34ADA79F34CC72F8
                                                                                                                                                                                                                        SHA-512:E317213952FA7FD49BF71E1BF7B79357FDC519E2EECA89ABF4AC8D9AF7074613BFAD617F8FBF38604FD67994B9C91C7E8B58E2B78019FE5514AA827D7800D1D1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:y:y
                                                                                                                                                                                                                        MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                                                                                                                                        SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                                                                                                                                        SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                                                                                                                                        SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:..
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 200 x 174, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):8768
                                                                                                                                                                                                                        Entropy (8bit):7.922964844859828
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:QAhB8Ztl/3eu6Ot83RG1xtCwpcovaxOJwZKh6zEtFtc9KrQE:QiqZ7T6Ot83RiZnvuEw0pE9Kr1
                                                                                                                                                                                                                        MD5:80E85FEBC3E5B7494B1FC825B13ED505
                                                                                                                                                                                                                        SHA1:4B1CE6AE606721284C1A9C28FFA96F0731B4A5CD
                                                                                                                                                                                                                        SHA-256:98E2DF484E9DA9002CED06EC0C5EC5FA2B97BDA21E7390D75C543EBD45A70666
                                                                                                                                                                                                                        SHA-512:509B3513131768FE0A5BCB08F942D00FF2C2AE3B2EB840906D66E067D727E8F0F28F8494F7EDD38510C83CE75C09B435800F9C963F7B281B0ECDE802412B8B76
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-26.3e460242.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 145 x 145, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):10613
                                                                                                                                                                                                                        Entropy (8bit):7.969519207899228
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:r4bYlWiNrG4NCDipJIfC9w24iNxXOijd9SmsoSvj7WZSPnrmedIQ9eF:dWTeC+p2f615hd9SvlSZ2txI
                                                                                                                                                                                                                        MD5:0CE957FF769D91BF85EA8FA3BD1588BA
                                                                                                                                                                                                                        SHA1:473D549616A57378690BCB9D7E6D235E21DB1FD1
                                                                                                                                                                                                                        SHA-256:E7D7409888C659FB0A8C797E0A374FEBF1CB555889AF77D6FE99A83BE0F333AB
                                                                                                                                                                                                                        SHA-512:D175ACE9220C956AEA0248414DD715ECE08EEA3972B3792364B938A9786624E5EB2CF2BF8E40347FB21B05ED99D7E9F9A15C53F512A1174F857EC1A83803FEC3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-7.c9b84e44.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32253
                                                                                                                                                                                                                        Entropy (8bit):7.958742758880246
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:qlZSdg/54N7sPO7M1CdzlwoOqUrk6g/BrvbisG:cgp7sPOwYq36X/BrfG
                                                                                                                                                                                                                        MD5:5100441802FAB75DBD3AD326C8A872C1
                                                                                                                                                                                                                        SHA1:CFE25CD0CF51DC68788F53E51F73B852185997BE
                                                                                                                                                                                                                        SHA-256:4A071501E44D57A20ED004EA8AD1489E76E6E5C2F9DDEC5B38DE731D25B0F9E7
                                                                                                                                                                                                                        SHA-512:946AA06336F4ED1532AB4876FECC3BA72F30E43815ECCBF1A18B72E434C9DE6FD13BD0BA1400572EC8F85D0A1BF0146AAF1FFFE5BBA6712CD8852CB63D9E9BA5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 3840 x 1722, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):793290
                                                                                                                                                                                                                        Entropy (8bit):7.982958424724078
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:Ex7datotWDMRHG4+/YRXyS2ncQHQn6VVk4qQa1DThebvS4FNIVTRm+jlG:ltvo15kmx2crn6VO4W1BeDS4FN61hxG
                                                                                                                                                                                                                        MD5:B8AB281997D9CA30FB94A17328CB869C
                                                                                                                                                                                                                        SHA1:50D8B9C62D0C632736BBB69E694062F53BFC2841
                                                                                                                                                                                                                        SHA-256:9912AAFDEF380FEF9C21E785433A45A5847C8D478922DA1358133089477497F8
                                                                                                                                                                                                                        SHA-512:90DCBCBAFEACA49347E308D86CEA02AF6FA2F1AC4A07AA59E6F58B74B6A4881711A998771BB244B83BEBD85E5C1CE1943B40B91D96FB07559384C6991DDD8145
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 223 x 206, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):10534
                                                                                                                                                                                                                        Entropy (8bit):7.972168833531366
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:e/2Vsi7KFbmNSR5OZBzfILVeUVjBgCqXxGJhfpkvl5khLBNL1N61dRODFbd:e/2mFeowzfufVjBEYivvkhLnX61dROn
                                                                                                                                                                                                                        MD5:A1E07D3D8BB55DFC2F935D7F9728CE02
                                                                                                                                                                                                                        SHA1:6D2E229C15B8473419E0E7073D63042EDA7C09F9
                                                                                                                                                                                                                        SHA-256:8B8D55DAEAB9F04B425E058872184714ED1C6C1CB9DA644C7E43A0A2CA2B06D7
                                                                                                                                                                                                                        SHA-512:6CCDEB90D25AC0F24A8C28F78C9F082C77BDFD7A3555F6CF5C1E81E19A1972B69A8DF2EB2BD8C913CA540BCDA3B931534144C5AD714BB7CC476D656546F8DF9B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-4.a0581c94.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):35833
                                                                                                                                                                                                                        Entropy (8bit):7.968432364063312
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:uRzyOy/ma+XXWqSA86MlBjK3ybYd1okZiwF:um/VEhMlB2ibYdBMwF
                                                                                                                                                                                                                        MD5:B3B6BF49A0DAC771E6231C8ED7B50B7D
                                                                                                                                                                                                                        SHA1:7D08C613473985C3DAAF49EC38066202D823565B
                                                                                                                                                                                                                        SHA-256:70D372944A2862902B182B09E2E6EAD81242FED2BB7E9C01448735C63A230F20
                                                                                                                                                                                                                        SHA-512:093EA5D747DFB9822A52A969982789A03DE9311DB21E7E4AB1DC70A87EC35A2C87148F1121552C8006CC40FBD74567C2280BE9125AE5DF8D5CFD7B6E4CA5F073
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.9993944760933955
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:8H4GOKl970kYtYk3OBNVsWAWn2d3KlSSxVeA:8HeKlZ0Ph+B3sWbncKNxVeA
                                                                                                                                                                                                                        MD5:676998F25D96F461587E5B7EB7C0A1F5
                                                                                                                                                                                                                        SHA1:2960CC0D6432E5705CF30C6D36AC236D482775FF
                                                                                                                                                                                                                        SHA-256:C0F1991B61D10E0A856079E576B25DEEF6A04181CE9C70473905B17AD98B8DAB
                                                                                                                                                                                                                        SHA-512:AD207F13652BEC7618FAA6790A805F6D6B594FA96227C11057275396E5702FF81DB35DC774BD0C446CC4349C8CE3E1F5AAA4AFBF72C64DD25F492CA162589F0F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:1
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 324 x 301, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):9900
                                                                                                                                                                                                                        Entropy (8bit):7.934188853857167
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:iXQaYKgrIxLoLg80C12RERhu8lRtLJbl+XdopI09PpztnWQfXUBf/ILSJfflE0X5:Et8rS80RR0u8jpHLtnbvxLIa0j9
                                                                                                                                                                                                                        MD5:1DFE40576C21EC613CC401CE31DF6F8B
                                                                                                                                                                                                                        SHA1:9C5A65C4BAB90F6B4D70F419B3462AC6945B85E3
                                                                                                                                                                                                                        SHA-256:C2E7A0CBFF662D0692901ED08AA7EAD12D8E8F8556831A32E9EF42038ECEFFE8
                                                                                                                                                                                                                        SHA-512:32D9D4328FCAC3097FE0EFA2D81BCA932E2677DF3F220785FA8F695838B2C436E9C4EFC52F72FD60ED21FE754845607F9361B71A0261A682187CC4CA62AABEC9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-12.963691a2.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65456)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1023552
                                                                                                                                                                                                                        Entropy (8bit):5.572921190771828
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:e2vhEaBBJBaFhijEWhT6DB4knPaGq5fylvoMFwm:1vhEa/JBaXijEWhT6DB4knPaGzvokz
                                                                                                                                                                                                                        MD5:522E04185D1D019F7CC6E15B7A9227B6
                                                                                                                                                                                                                        SHA1:E15782E07DFD2783A1360416F3C7B24F67D0332D
                                                                                                                                                                                                                        SHA-256:35EA158B06FF4441C2E5A9BE09527A810C8D2DF84EB3BB1BD0A6E245D4838F3D
                                                                                                                                                                                                                        SHA-512:014F7369F1FB40523B67FC7DDB1B0D034A994D667E0DE677B198054ACD05A2022A3A14B7359029BBE26CCAAB93928EA312B3A3CFDDCD4FDAE0DA88EC7E379B3C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/js/chunk-vendors.e3b9a42f.js
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999401743003957
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:pluVMX8y5XQL+VSYVJoFHCyos5IMyKQDC9nkfKXlK:pIVMX8ypN1VDs5IMXBk8K
                                                                                                                                                                                                                        MD5:CF5B08ED806479A4E47646EFDA4B932B
                                                                                                                                                                                                                        SHA1:63F5E3F2E2D587F88F4037FC42159082EC4E8099
                                                                                                                                                                                                                        SHA-256:3E27EA704DDB61776578FA59F55D11FF9717630C39C3F24EAA24EEF3024FFBAE
                                                                                                                                                                                                                        SHA-512:62576219D9FAECD0E5B69CC36BED2507B729D9772F84254748178CFBCDB0A2838BAA56487DB4594E509A81228880D1D26EB8006071998F419C681FA720BA505F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:8
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 146 x 170, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10726
                                                                                                                                                                                                                        Entropy (8bit):7.9699290675293275
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:2taETf9lbSgB72SKFonFcYeGsgUn/+6XIl3YEXx4vy4NjtEe:2takf9x7ASUAcYgn/+6X6o04vy4XX
                                                                                                                                                                                                                        MD5:E705F1CEC1E66F61882A8BA92CA59FFB
                                                                                                                                                                                                                        SHA1:0B78ACD5F83187847147AEC5D31290998206A85C
                                                                                                                                                                                                                        SHA-256:9D68152864EF6CC0D918B972CBFC76A1265E4775C129C3CF5528D5FC09DC28D8
                                                                                                                                                                                                                        SHA-512:BAE4F1D6451861A7D5A88761D776EB35CA6BC62B2F6751FDFF2126B6185332BBD84CDE3A952D3C55E2A500C1D25C92F3DE81C6A1F7A0D8F2CBE94291DB97E6FC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 313 x 313, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):10656
                                                                                                                                                                                                                        Entropy (8bit):7.932010847910039
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:dqYYJPT4gghFpEJj2dJQ2wcT1hSqnURRJBvsSUv0p1:k3PT4EJin3wcT1hSqnUbnve0p1
                                                                                                                                                                                                                        MD5:F561E3801404CE76F185066FB255EAD6
                                                                                                                                                                                                                        SHA1:6AD3FA571900696715A1CC1D684E2050793F2BDF
                                                                                                                                                                                                                        SHA-256:EEA0D44FCA098300A7D54F9454C936FCC494DFBD6490F2D3F9CAD56A772C6FD7
                                                                                                                                                                                                                        SHA-512:847229EE9A5E7F7BA478775A2D495F5906DB8E4999851924C66B84572D6EAF4C57F9706E9BBFB7214853651E1F57F4B7588D89FD1397144FFBA5681C1890E290
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-23.132fbdba.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):53552
                                                                                                                                                                                                                        Entropy (8bit):7.957624598794933
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:pOhnzpYr0Vl0+0oe2wWkshEJarHNjpB/TvoYgUHhzwp2G7cZWd8MixCRpKYFjAcj:UhnzCa9PF2o5ProcHK2YcZVCbKYBAcJt
                                                                                                                                                                                                                        MD5:2BA7372C1CC901630FCECA0F23915FFC
                                                                                                                                                                                                                        SHA1:F317EBB8E6D879F668357AB8240579028A67CD59
                                                                                                                                                                                                                        SHA-256:8C69F057FB44E6A4E9F51B9E6DB35CCFE7FA089FFFBE266CEBB3A502379959C6
                                                                                                                                                                                                                        SHA-512:AFA9724E6258ACB6295E15B16A03197BD4AD3CADAF764E1A3587A7E67A1A138E4A16C71C54495063610D5737C834DB0B2B2C8862419BD8BE11300946ECC8EA6F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 162 x 162, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10030
                                                                                                                                                                                                                        Entropy (8bit):7.969577421383059
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:h08XUPI2MP7s4plUGogmWwG8Rjzqk/sC2EPSRdP0CVLeEuF0o4LnHx8v:hDAuP7gKwG8VzJUr8SoqpumnLRa
                                                                                                                                                                                                                        MD5:1B8B3CD8AF61B7F074E1C8373A382ED3
                                                                                                                                                                                                                        SHA1:342B8CB70410BF48042C7CD65BF61BC8F72BF07F
                                                                                                                                                                                                                        SHA-256:C96B0F69D6FF5DF29E5E17A02F0947EA4D2181E98DB8BA2C9E878D5000BD5997
                                                                                                                                                                                                                        SHA-512:3BA3108036616702136875F20453AEE43995C2E936CEE6BFE53DCACFF2C2F223172FF4CB9114AC45A0359CB829464871FAC6181113E2E89B9AE5001BF2664E6C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 280 x 280, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):12985
                                                                                                                                                                                                                        Entropy (8bit):7.936839991503054
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:lRHlh/zxECBngIp0bjjvkQAFL1y6xD+/6r:THlhmApWL5MBVxD+/u
                                                                                                                                                                                                                        MD5:EC913DE479188EDA839D59C3688983B9
                                                                                                                                                                                                                        SHA1:2D04C7289C3AFB458641A2194016CAAEA30B7F40
                                                                                                                                                                                                                        SHA-256:9C4AFD4FACE2D4BC32934F4F815C6026DFBA45FD915A242CB112C4CC976B7378
                                                                                                                                                                                                                        SHA-512:19DE875EAB953D78C6F41DC58C23390ADDBECDA8BFFD0491F6D5F662DB2DE87FBCBAF2F1200723305B58651101DE59B58C22CA8B727DC2CE1CCAEB41FE451223
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 858 x 1641, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):117721
                                                                                                                                                                                                                        Entropy (8bit):7.965154745681065
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:J6m6P6H3gOrkFaZheof0M7kDEwhGspPmHF6DCedis:J6tIMYsg0swEw0sm6DHn
                                                                                                                                                                                                                        MD5:6BC4F626D92473A6F5821D1AEFFC47FA
                                                                                                                                                                                                                        SHA1:1DB17B733C8A4214D7576B2320C6CC8203D67F90
                                                                                                                                                                                                                        SHA-256:9CA684547941EC1CE7A6BEDD9A704D000731B467B7C0C0B814A0DFCB469BB21E
                                                                                                                                                                                                                        SHA-512:8FEA481F8292D279C05AA5DC8049C4423C2B2E4904C330B612E92F4F7CCF789E5A5411A36CE3E352B3C17F10C4EA8E647678744CB10A010548831D33564D637C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/page-1.e3569743.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:RIFF (little-endian) data, Web/P image
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):40692
                                                                                                                                                                                                                        Entropy (8bit):7.9933925282665985
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:768:xAsCfydVtG1MmhJwT9T2R1FeFHmEqQhqV88lLC54PxoxYN4TXHkhEEbbjzn9Ahtb:WoVk3DwV2R1F1whqVRdB8aUXEhzrjGhd
                                                                                                                                                                                                                        MD5:2B17D75B6D85869E08D91FA63AD3A8C2
                                                                                                                                                                                                                        SHA1:617D92A3E95A5716CC29B763629144B24F75A157
                                                                                                                                                                                                                        SHA-256:3B4CE80D4FCA4E3CBD53508F037E623F43C1BBE823EDEA2EFBCE052BFAB8F4EB
                                                                                                                                                                                                                        SHA-512:27DA2CE5E613CB8C53148E7CB898E7EDE8FB4955EF3D84716A1F99CF6F0A86D22045ACB195BAF6DEEC7EB1CF0538D0900D1518D69FAC463012EAE709453E4A0C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://cdn-go.cn/qq-web/im.qq.com_new/e6f5fa0c/img/video-qq9-poster-mini.50cd77e7.png.webp
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):58441
                                                                                                                                                                                                                        Entropy (8bit):7.9430727556328
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:p5ML7XgwWC4GpozmQD/gGckcz1a4QrZBdfqLRBYsp:fe7H0D/ghz5aTKp
                                                                                                                                                                                                                        MD5:A2CE6F8AAB6A24D6CCC1D29D892C347D
                                                                                                                                                                                                                        SHA1:802C2AA62CC9C1FE8CE3E4DC03D6397472130AFA
                                                                                                                                                                                                                        SHA-256:152672C20605881C313AED9004E060F2F6EA4C7F8AC59C8736A5177B1D490D50
                                                                                                                                                                                                                        SHA-512:74266FA440454CF8AFF3A0A88400FA24EC63501E57DB824A3435B760EDB5B7ED0A1FEA7B20439775B6CAE233004FA4DF108BD5B874B8D69A0B2EE5CDBBF490C1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-8.c0d3424b.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):50879
                                                                                                                                                                                                                        Entropy (8bit):7.967083991413486
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:oR7CA1cJ1DCqnNBIrdBIYEMBLtUwpl5N+DHhMAgrL4XWQ6iHYoi2ex5d:oAbTOqN6v5EQfl5iHyrLGpHwF
                                                                                                                                                                                                                        MD5:8A759A3A1692424032E47211CB421A5C
                                                                                                                                                                                                                        SHA1:85D3835506AEBBC06731C140E211BF287DF67E7E
                                                                                                                                                                                                                        SHA-256:77E97533A708391B5ED096E28BA09837B4203FF78FE08BCB02943E89CC5960C2
                                                                                                                                                                                                                        SHA-512:75AEAC44D2F3125C263DA6A51C47224C09498800AE0DEAC536C4C18750255FC7F4DC0CC58708C0FF39CEA2BA2EE4E10AE6EFF30727C1C5FFDA9322C250F3D82F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-1.25daaddf.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 663 x 1237, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):73028
                                                                                                                                                                                                                        Entropy (8bit):7.977889333364363
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:urT1EhPQCfcTCHKzzh8zsdqWnRRizKWu0+uOYW7fHmr35Egyqavi:g1EhZ3m2SqWnzizKW76fHvvi
                                                                                                                                                                                                                        MD5:88B8AA084221F79DA657FB97BD7758EF
                                                                                                                                                                                                                        SHA1:4EACB6530EBEED12AB7F76958994F0F7B08AC6EB
                                                                                                                                                                                                                        SHA-256:306B64A2751FB08944FB822DA042062175033D218C675011DAAE22293DE9ED95
                                                                                                                                                                                                                        SHA-512:3BC9B1C9E6A0E8671E9F598B09925158E1859FBCE1CB1545EA8440AE30249D19A3259932A3DC99DDF0C5EA8758D80B7AB27BEF464E58E4075A2432539015F66E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 288 x 288, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):18401
                                                                                                                                                                                                                        Entropy (8bit):7.960134833929269
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:ZufF1T9WbHXHy29g5WD4JOM2GIwhzaJyoQOhumKdkR2w9v9jYhRr7:kx9WzS2WkidwwxuQ2q+m7
                                                                                                                                                                                                                        MD5:5BF2F25D9DD6FFA0ABE78303A7376A3C
                                                                                                                                                                                                                        SHA1:B0EBA0DA234C54435967C75C9DBFF35B2F058135
                                                                                                                                                                                                                        SHA-256:A6EE012B26448225E4B34EF4797AAA2D9955042679FEDF2D9910B198F38838A2
                                                                                                                                                                                                                        SHA-512:086910A2BE67EFE15B7019FBB23E4B165E3E446E9A9A44DA98EB78C3866EBDEA5AD8FF81A039347DB87387E26BE51B694C1DB7ECAEE22D197E40A6CD6799D1C5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-2.3e3799e7.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 145 x 145, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10613
                                                                                                                                                                                                                        Entropy (8bit):7.969519207899228
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:r4bYlWiNrG4NCDipJIfC9w24iNxXOijd9SmsoSvj7WZSPnrmedIQ9eF:dWTeC+p2f615hd9SvlSZ2txI
                                                                                                                                                                                                                        MD5:0CE957FF769D91BF85EA8FA3BD1588BA
                                                                                                                                                                                                                        SHA1:473D549616A57378690BCB9D7E6D235E21DB1FD1
                                                                                                                                                                                                                        SHA-256:E7D7409888C659FB0A8C797E0A374FEBF1CB555889AF77D6FE99A83BE0F333AB
                                                                                                                                                                                                                        SHA-512:D175ACE9220C956AEA0248414DD715ECE08EEA3972B3792364B938A9786624E5EB2CF2BF8E40347FB21B05ED99D7E9F9A15C53F512A1174F857EC1A83803FEC3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):52214
                                                                                                                                                                                                                        Entropy (8bit):7.963521995118885
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:xSUQwGp/aTECMyhE3H8qlJcGlHA6rNMLwSaS:xSf3gXu3H8qliWgVLQS
                                                                                                                                                                                                                        MD5:F1FAB1492D70D6799DD575E5ABB3CA90
                                                                                                                                                                                                                        SHA1:8EF7A9C5CDFBEB5FE208E8E5201C499344347CDB
                                                                                                                                                                                                                        SHA-256:60982CCB8E7BF5D7D20E13F57ECA9ABDCA3063BAEDEF07E432CB91865F2A284B
                                                                                                                                                                                                                        SHA-512:5A8F378E7E9FFF01C2A9264484575AACD62C30F98ABF9EDC02603FF49D27E0FF37284DDE78C47630CC62BE376280ADA8F18AD01D9DFD8076B51E55764AB4D9E5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999771159297996
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:9UX/ytgcmN4ZeOZ4XaQk41DaCAuK190rbndlDj7OaLnv:9a/ythmSZGVk48CAV1yrbnzj7OG
                                                                                                                                                                                                                        MD5:D3CA6C436622EEC40B5BCC7B59B3DDD5
                                                                                                                                                                                                                        SHA1:FB1BCA4AE93245DF3CB88A784FD112F4038F955D
                                                                                                                                                                                                                        SHA-256:F6A96B6234B1D4A2A250CD5BC270EA25D18E7E3184B3DE5F398727293D6E5980
                                                                                                                                                                                                                        SHA-512:596E856FA5CE1846671AA0782CBFB27E0A717DA64EC9CDCCB72BA895878599469057BDA19EFB534C4D54305F48077000EA5E1C75760E14449AE1685A26BA7AEB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:10
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):58441
                                                                                                                                                                                                                        Entropy (8bit):7.9430727556328
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:p5ML7XgwWC4GpozmQD/gGckcz1a4QrZBdfqLRBYsp:fe7H0D/ghz5aTKp
                                                                                                                                                                                                                        MD5:A2CE6F8AAB6A24D6CCC1D29D892C347D
                                                                                                                                                                                                                        SHA1:802C2AA62CC9C1FE8CE3E4DC03D6397472130AFA
                                                                                                                                                                                                                        SHA-256:152672C20605881C313AED9004E060F2F6EA4C7F8AC59C8736A5177B1D490D50
                                                                                                                                                                                                                        SHA-512:74266FA440454CF8AFF3A0A88400FA24EC63501E57DB824A3435B760EDB5B7ED0A1FEA7B20439775B6CAE233004FA4DF108BD5B874B8D69A0B2EE5CDBBF490C1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999493725913608
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:TXuRG3hkZRd3H842tyrmczPmlLh7WZ+pAPPJfS:TXuo3Mfetyrmc2qM
                                                                                                                                                                                                                        MD5:1F3D7F810C43FA0173BCBA646EFB0AF1
                                                                                                                                                                                                                        SHA1:70BD12C1B6072E4938A8FB861FF038374723DCA3
                                                                                                                                                                                                                        SHA-256:DC0DDF7481DFEB7E5C696A17E5BDB69EA4CB90BBF4C28B57E2D9BF25C0C7C83E
                                                                                                                                                                                                                        SHA-512:678C9742861861AB47B857C08AE399D196ACDEC240719D4E0E2368D1E1ECC99CA0D16D6AC365C0D3CD237870C600C3DAEB36437D0A28A34C0CBC60CEF22F3EFA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:b
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 537, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):64395
                                                                                                                                                                                                                        Entropy (8bit):7.92416127965162
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:H5RsqmiSid4QcHs+FOSdnqLn2a4DxUN87SPpNe4zWkB8Kbu:H5Rs53QcM6OqqLnl87SxB8Kq
                                                                                                                                                                                                                        MD5:8A0723E83C73C374E0533F2D7FD5095F
                                                                                                                                                                                                                        SHA1:C77826D9C0B50011F1348E5F5898536597C8A39D
                                                                                                                                                                                                                        SHA-256:C27E828138D0259A2D08F53A6133272ED0FCC75586F8A471C10B5CB31615EFFE
                                                                                                                                                                                                                        SHA-512:0C19B333A4BBD9DA75432B5C90C29A2BF0099525F735EA8533699BEEE4AC6A91D7CD11ED915E1E7B6BAA175347D045B9729C9EBA8DEB19D03B9E496BDDAC4FCD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):35304
                                                                                                                                                                                                                        Entropy (8bit):7.9742668972721615
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Pd24VoXv9aJJwRIzzDxsm/3WK1zKsZv4mOVSQeEdeCp+i++rR3Es:VZoXv9Awy3/xzKsemtS+inEs
                                                                                                                                                                                                                        MD5:D9EB20D6C7B9AF71AD3A9E5515549A0E
                                                                                                                                                                                                                        SHA1:0297B88C948696F5B2FD0F01C8E10E08A99ECFDF
                                                                                                                                                                                                                        SHA-256:55976AB7E3177781BC697F893592DCB27EA70AB35319B29112DC51565DC96DF5
                                                                                                                                                                                                                        SHA-512:6C95C668E400B7788BC30A8254B681FD1874A49A3DE4B2D3630D744772FBE5906970279257E8F4BBD2F66F977819915E76447DBA8C94D989939EA7E05F27BD4A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 374 x 374, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):16911
                                                                                                                                                                                                                        Entropy (8bit):7.934373703337371
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:QSOW+DyEX3jVahDPxHnivjHpD1kvKURoCcmsaeXQr6o7:J+tWPliDx1qroCcmxcC
                                                                                                                                                                                                                        MD5:6B09F48B65A18886447C92B4F6285881
                                                                                                                                                                                                                        SHA1:EA811C1A652CAA584B91A500D2D92D6D924C8AB4
                                                                                                                                                                                                                        SHA-256:5B90F20FC8A9EE5CACC2A1E9A6ED72FFB1EEB183C770E67CA9190F6F7A883076
                                                                                                                                                                                                                        SHA-512:A41E6CC8C5CCF16FDB4F3B3B490CF0506B8C87A2F655A4A92AA6B213F2456B17CA133866F31CF327D14B7D3FDD60F34B3FF30DC1DEAA2C1656DF80088ADCACD6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-17.ca026495.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 280 x 280, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):12985
                                                                                                                                                                                                                        Entropy (8bit):7.936839991503054
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:lRHlh/zxECBngIp0bjjvkQAFL1y6xD+/6r:THlhmApWL5MBVxD+/u
                                                                                                                                                                                                                        MD5:EC913DE479188EDA839D59C3688983B9
                                                                                                                                                                                                                        SHA1:2D04C7289C3AFB458641A2194016CAAEA30B7F40
                                                                                                                                                                                                                        SHA-256:9C4AFD4FACE2D4BC32934F4F815C6026DFBA45FD915A242CB112C4CC976B7378
                                                                                                                                                                                                                        SHA-512:19DE875EAB953D78C6F41DC58C23390ADDBECDA8BFFD0491F6D5F662DB2DE87FBCBAF2F1200723305B58651101DE59B58C22CA8B727DC2CE1CCAEB41FE451223
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-18.49af16e6.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1622)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):4374
                                                                                                                                                                                                                        Entropy (8bit):5.842501022898673
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:pTR7xXwuxqq8FerrfHfjfcQfzPDo9oYUd1GodG9GSCNjIzJl:yU2FkD0dUrDdQBCFg
                                                                                                                                                                                                                        MD5:7EA999039B2BB5842A61CB65E9CE8672
                                                                                                                                                                                                                        SHA1:ACF56258097E8B5D2FA386CD8C1B7750FCD5291C
                                                                                                                                                                                                                        SHA-256:189A84091ADE8025B14B8D2391C17ABBE8C0D0132F7EB6B43336EDA8ACA2D9F0
                                                                                                                                                                                                                        SHA-512:316C15EF99927D965669593403023729B5C2F67E20FB330305CFC3FE42139DCD80B86ACF9B7B5882643645103B001452028CFCD318D7CFCC56BB953213B35572
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://im.qq.com/index/
                                                                                                                                                                                                                        Preview:<!doctype html><html lang=""><head><meta charset="utf-8"/><meta name="Copyright" content="Tencent"/><meta http-equiv="X-UA-Compatible" content="ie=edge"/><meta name="keywords" content="QQ2023..,QQ2023....,QQ24..,QQ9..,..QQ........,QQ.....,QQ.....,QQ......,QQ....,QQ....,QQ...,QQ, ..QQ, MACQQ, QQ2013, QQ2023, QQ2022, QQ..., ..QQ, iPhoneQQ, ..QQ, androidQQ, WPQQ, ..QQ, ..., MacQQ, .., .., .., .., ., .., tencent"/><meta name="description" itemprop="description" content="..QQ.....QQ9.... QQ9..............................QQ........"/><meta itemprop="name" content="I'm QQ - ........"/><meta name="description" itemprop="description" content="....QQ.......QQ...QQ......im.qq.com"/><link rel="shortcut ic
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999048206471408
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:zcvrzFCW4mOB3HSNKqLRl0E6cgvfplny07Ok7VmCi3tUKM:QPctmOBXS99V9MfpJy0KmVmC0M
                                                                                                                                                                                                                        MD5:CD7D1149346D823ECA9B2612EF719154
                                                                                                                                                                                                                        SHA1:F57DF41D085CA94595119B8C6D70AAEE6AB78AED
                                                                                                                                                                                                                        SHA-256:3F95E9DB80CDD2A2A83A888E24FA2421E85C4BDD54EA4C58EE923349A3664D29
                                                                                                                                                                                                                        SHA-512:2AFF2462BF148AC1C49856FC8ABAC41A50A88C361B37BA41BB4C5E1A354E0104946AF49E344F6040AD541E895BB0A2D48103EFED29731D5697213F421A9547A1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:14
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.99980567772675
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:ZkmFdOqrpBXQroEQIXHgd8BJs2wMkvsmz5tW5RIqTCohV23wT1jQ:dFkqrtEQIVBXwMkvsmFtW5RfOobN1E
                                                                                                                                                                                                                        MD5:00D0C545FEB3B500415C3BE24D5B01F9
                                                                                                                                                                                                                        SHA1:88CFA63D3E586FF5F4AD6B703EF205B87E71EDCE
                                                                                                                                                                                                                        SHA-256:BDDF8737BC1B6059850F3B4F1EED309069EA292DA87E82318596D7971536949C
                                                                                                                                                                                                                        SHA-512:A5EDBA257438CC936C29D87A3340FC690CDEF51BC471DC1D06EC97FC58A5B75A98A5ADB268777D2794A883C31380E835BF26AB8DE46D014A5261459F56B6F11A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:12
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 311 x 311, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):17747
                                                                                                                                                                                                                        Entropy (8bit):7.963201877508795
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:+kEaThRCFQnjM54cjUXc8o7QwTVGuZSxrwtJMghDtE46+c:5CFsEjUI/YuZSxkM2Dd6+c
                                                                                                                                                                                                                        MD5:38E67B8BA9A7863DAA3E6433D86F629B
                                                                                                                                                                                                                        SHA1:D2D2C240927406F54D76806CAF92E36A229F48B5
                                                                                                                                                                                                                        SHA-256:2404B986239DF15C16E2E3CE72F671370FB145B5491BBB608A1613D8CB7B82B1
                                                                                                                                                                                                                        SHA-512:FA095CD3230A27410A32A7B0C202378126F7DA6935C1DAFEA2BC2E3FE448586F9C10766B32C7FCDFCE19BC8135A7855C0AFFBA7F1A9FE73B122D9BCD66BD9B0A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 716 x 110, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9809
                                                                                                                                                                                                                        Entropy (8bit):7.954559967359701
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:XRrl09geCFh4JwyxrwThpjMARIE9ZNIXF/Qe/jrj:B0C/TbhpjLRxWdR/jrj
                                                                                                                                                                                                                        MD5:5AF07979C5CDF3FB896B467640D3ABA0
                                                                                                                                                                                                                        SHA1:64EB66EFBBC890C5D8AC6FC43325624AC73E576A
                                                                                                                                                                                                                        SHA-256:0F1692A7F73D039DCB6703ED915D094E5C6E88EB1E01770AD1927C0B5F21CE52
                                                                                                                                                                                                                        SHA-512:DCDC5E65035AE596508800DFA53D256EC2C087694B2F5E9258C61BB40DE741039B062359E7C1952A38FC31C61F608CC01F80F1CDDBB26AE3B1FB6168B63F86C5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 362 x 362, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):13803
                                                                                                                                                                                                                        Entropy (8bit):7.936047500471041
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:XToMW/+wWSgfERy/c2BT7ESs8HaIcHQDsZbW4K:jW+wrg8YBUIaIcHQYRW4K
                                                                                                                                                                                                                        MD5:81D7CB8BD7DABF68B4708E360C1A3AF9
                                                                                                                                                                                                                        SHA1:B37EDE8F179BF294F55D6E8A7F3A6E485D17FCDB
                                                                                                                                                                                                                        SHA-256:32C09443BBAD070BE70434F6677AA6526231809752E1351C7408E2902C5AD858
                                                                                                                                                                                                                        SHA-512:739898A682022545643C9A9320152E0A4E94432FADDAD13E2BD2763A634518494E7450DA39C627F7E0923EAEDE3B7DF185BE7D4658DD15BCEEA7E883CBD97257
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 62 x 62, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1710
                                                                                                                                                                                                                        Entropy (8bit):7.815359096255759
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:48:+d3c0ynwMD6Oc1CRXcyDRboT1orXBLfkn:+ds0ewMuOc1eNDRgIf6
                                                                                                                                                                                                                        MD5:3FAE94D642A719D2BC650BA73ED01A9A
                                                                                                                                                                                                                        SHA1:E13584E4C35B7E97D2586694E6DDDAAD2D635D82
                                                                                                                                                                                                                        SHA-256:1E7E5864219DC3E7B393709A5689456EB54B4EF7467AA8F87BB7BEFFE41C6611
                                                                                                                                                                                                                        SHA-512:8CEB7DC97E0985514302D7EDC2F78982444D3397AB95D6478628D25FBD4DBA2BC776ECCE091D80C743F21E463E9DAE5714AF1BC08BE7E625BB8B5183AD0F0FEE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):71635
                                                                                                                                                                                                                        Entropy (8bit):7.96894871105753
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:RppHnC8DL4KgdMu8m42e3X9e+CA+4Z5xZKtJLJ5mCB9EWizMv:R3nCsL4VdD8V2LA+m0rLvmG9dizMv
                                                                                                                                                                                                                        MD5:4F355848BAA5C5919CAE6C6B848396F9
                                                                                                                                                                                                                        SHA1:FDD7093F94E6024F1C4755AB29D7BEE6CE15791C
                                                                                                                                                                                                                        SHA-256:50133CDAE17EE8E49099E7DAFF2F72C8EDB83A452C507D464259E5D6BAD4D7FA
                                                                                                                                                                                                                        SHA-512:CB5D9619708F1AB3615174630C1ACF1ACFDE3E725A87C26B56188F65B8A8FCB2CD74B6FAB8D3129AF794615758F7D14D19E69616982C75B0581421229B194056
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-9.348ed857.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 109 x 109, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):10650
                                                                                                                                                                                                                        Entropy (8bit):7.974743785874016
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:1RykbutDjmIpiZJ74aSo0CSrXt7ORWR26IIQ8ihVzh1TTNLg:vAxaIg8FovaR26jQ8ihnlxs
                                                                                                                                                                                                                        MD5:70E6CA8E5D7D983AED25C7A3AA5FE556
                                                                                                                                                                                                                        SHA1:2669ED69894AB0CE4BA4A9EFF19843BC0DD19515
                                                                                                                                                                                                                        SHA-256:BC64C29E5189BF9A3BFA33BBA2A87EC95B09A85450BF65CE6CE1EB03B5D46842
                                                                                                                                                                                                                        SHA-512:B3CC4A4F6FC19F9D60A98619784A93D503EA2538E0B1D2BB3991BDF04C70F1E13073767121FD8AF2D4D8D3A9D9A7674A7AE1835126D66C163BDAE265A56798BF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-10.fdbd43f2.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 369 x 369, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):16731
                                                                                                                                                                                                                        Entropy (8bit):7.934811457314126
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:t6tUvgyafgNzKZjCbA87llmXyul0WyL0s87eab9tjky:Qtc2szQjmzLul0Debf3
                                                                                                                                                                                                                        MD5:FD86FD75E7DA848163C4B41CD0989D03
                                                                                                                                                                                                                        SHA1:1819060631186CF29B9C070E6B84941A7F075D2F
                                                                                                                                                                                                                        SHA-256:4690D37928F54D8FF0CEFC2CC93C8DF80E71C232BBAD2291D1A946994B571EC9
                                                                                                                                                                                                                        SHA-512:17BE335FDE8C08AE4F4726DB63B05F733598221D58CAC002BCD8E283985BD59C5288BB03B9B1F4024A8ACF5895E528C64A8214282F369A8B21FA7809BC9397E3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-29.bf39516b.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):50531
                                                                                                                                                                                                                        Entropy (8bit):7.966740321893992
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:EMVMGp73Z0dyPU23vL/zeZwWnkOmbA1a2UuJ:rVMM73qds/emWMbA1V
                                                                                                                                                                                                                        MD5:8CEDD744B699C86ECC62E474026FF0C0
                                                                                                                                                                                                                        SHA1:1912B7A1D5444D47E4069D85DED80B0534E6AA9F
                                                                                                                                                                                                                        SHA-256:7C677F62E0BB1B84ADF3361360596B61A1277EF550597AA228945D686F127C42
                                                                                                                                                                                                                        SHA-512:158F9FD16D42C99AED25C191FD72C871D1AD6AF0B0924497078982771D224F5E76CAD9DDD474F437ADCE724EE380C064FF01CD632C8F6D54C6E2CABE6F51717F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):35683
                                                                                                                                                                                                                        Entropy (8bit):7.955053490136009
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:YSktyF96W/Ed5UVnIYyDM6Hdy3EUNMwb+Xte/V8W3rO:BJF96/iI3DrDNwqXEbO
                                                                                                                                                                                                                        MD5:583975B4342FD718871603AA4D228980
                                                                                                                                                                                                                        SHA1:7E43257C86651A17D4EBDE6527B730B676196B39
                                                                                                                                                                                                                        SHA-256:876A311EEF77C10933A7E93DA9007811A824DF220BDABDD3F7AB451455F3C2B3
                                                                                                                                                                                                                        SHA-512:3CB04559444EFECCECB45CBCBF5BA8F2F2B4851A570501F1E1D74CBA9D7C427382A56FFE2C6C23E3A5949059850473035238E3EFD89E92F5B7ED35F96E18A0B4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/role-sd.a5b9101b.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                        Entropy (8bit):3.5465935642949384
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:7Fn:7Fn
                                                                                                                                                                                                                        MD5:1093E1A6FF610F824EDD80B8F7C2E5D9
                                                                                                                                                                                                                        SHA1:7AF98552E2A774F65E166CEC5A781B1A9B05C555
                                                                                                                                                                                                                        SHA-256:0F9ACC04DBAC5096B11F6F3B16188FFD8E9EC18A1F6408015285454581080CF9
                                                                                                                                                                                                                        SHA-512:6C7CE358C51DFDAD72B4B3950C92EC725DBD14296D544C80429E89AC82B9E56CF8519F21158D65650B441F3C774EDA66B872E7CAD206CB6EF695752D59693D3F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:403 forbidden
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):55588
                                                                                                                                                                                                                        Entropy (8bit):7.967886615532094
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:ThSIDXg8xSi8lU9LTjUju7IkTKZFRY3D2gdOLlyE0x8AeXE0AGherWHUZs1:Thjdci8kLTsMcAT2bLly1DGIrWHYs1
                                                                                                                                                                                                                        MD5:EB338AC3C26A1473324D01C330AC54DE
                                                                                                                                                                                                                        SHA1:19C460EE023AA3716C950554E4598782AF6BDC11
                                                                                                                                                                                                                        SHA-256:2D72AB4ED632E7D709A81A955825D934BA2EB2CCB107F1FD9D142282F1529008
                                                                                                                                                                                                                        SHA-512:AEA5C5C9E24B1D4CD6D1D7742E221A68D1B39195CC99750044E2BC99706357C7A5D42A1FEA9EEA179E01D730A780FAB960555ACC75DE0D27200E9D8514EAC98A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-10.de84dd3b.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.9996684872680035
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:gcSDqjGRAeLiAHX78zZQu85n1wFc6B/Tv+VTXqwJ+UQbgyWfQ:jSRRdkCPSc6BbCTXjJ+UQcyWfQ
                                                                                                                                                                                                                        MD5:7EBC5B8C98D5513033F97F2164ED2AB8
                                                                                                                                                                                                                        SHA1:58E00A75CAA64F3D6318EB5B33D5F37AA20D2850
                                                                                                                                                                                                                        SHA-256:D5032B86723E8711DE9B312A5F4B9BBE2738E3A3C2FD13769C2D48B6DC41EF25
                                                                                                                                                                                                                        SHA-512:2FBEFD5D5AF44ED3124C7364366B5A0058EDCEDC29CC39D324093AB97013BE5753809D876DA8B04D6C574E34DDCA23F29227F9AC1B8FBDDDF1DF71DA89C04AB8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:15
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 814 x 1555, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):103063
                                                                                                                                                                                                                        Entropy (8bit):7.978507916796797
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:ItSF0R3ulBWhFvTMnS2OWuYfROEH9+U70kyQ4q:It4O3ubghTMnSouYfzH9VL
                                                                                                                                                                                                                        MD5:E36F69BFAEE8E4FF2CF071430B20D60A
                                                                                                                                                                                                                        SHA1:A568FBF8DD6AF84F794FF8C2C563D9299D196029
                                                                                                                                                                                                                        SHA-256:C6EAC38B55F2A38D1A081EADEBD3BEF2B5DF2A57C0C058BF03F6DB7E496997BC
                                                                                                                                                                                                                        SHA-512:CDB4865B872273AA88D1AF36CA76F60FDAC8BF1BB7BC081F77517AD7D3DF1B142C8FEF0358C45E0BE0BAC9B0452238AAADFACFEE1DB685D24A4E258715F3BC2F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 109 x 109, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10650
                                                                                                                                                                                                                        Entropy (8bit):7.974743785874016
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:1RykbutDjmIpiZJ74aSo0CSrXt7ORWR26IIQ8ihVzh1TTNLg:vAxaIg8FovaR26jQ8ihnlxs
                                                                                                                                                                                                                        MD5:70E6CA8E5D7D983AED25C7A3AA5FE556
                                                                                                                                                                                                                        SHA1:2669ED69894AB0CE4BA4A9EFF19843BC0DD19515
                                                                                                                                                                                                                        SHA-256:BC64C29E5189BF9A3BFA33BBA2A87EC95B09A85450BF65CE6CE1EB03B5D46842
                                                                                                                                                                                                                        SHA-512:B3CC4A4F6FC19F9D60A98619784A93D503EA2538E0B1D2BB3991BDF04C70F1E13073767121FD8AF2D4D8D3A9D9A7674A7AE1835126D66C163BDAE265A56798BF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):64325
                                                                                                                                                                                                                        Entropy (8bit):7.967705821097859
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:zCw6Rco5a8qKG9WzlHCpyKfl301dtsb7/y:zMRL5HqNkCpFd5K
                                                                                                                                                                                                                        MD5:83D60FE0C5E9BD5838C3A173FA42E93F
                                                                                                                                                                                                                        SHA1:8828F2A8234DCEBFD7437D1534FF418519FA5B7D
                                                                                                                                                                                                                        SHA-256:320783C41ED98540738C723B56B4A048D0D33B7D7DA37C03CE9833D81E898801
                                                                                                                                                                                                                        SHA-512:DF601DEF87E690E8F64E21874D7E9F83D238AE51FCC8C0ACD8A75D971C6F98B6EEAC65564977758DA158FD9B3ABE6EF23C4546F29403BA3C107C632238FEA91E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-4.4a2b7aa6.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32
                                                                                                                                                                                                                        Entropy (8bit):3.702819531114783
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:YA/JHaLWAiI+7n:YABHAWAiLn
                                                                                                                                                                                                                        MD5:07AF6F1DDC7312D27CB0B3EC3C6A5F11
                                                                                                                                                                                                                        SHA1:E14461D6C670B627DD5F6ECFDF493BD9B28A39B1
                                                                                                                                                                                                                        SHA-256:851404A868D79418E64C0C164C587EB92B651B44DD5B0DB6544E7E797246ED7F
                                                                                                                                                                                                                        SHA-512:BA3CF0F7367C2CE4D1E44353A72FB6B479926B9142B8A895FC9569EC1EC3FA0EBB844038873E76B90D93BB4FC60F65566A8E21F1CADAFB08B311B6A98822E285
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"error-type": "unsupport-type"}
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):108197
                                                                                                                                                                                                                        Entropy (8bit):7.965925240016335
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:ajIplz8CNI/Oe+AxiRgR5kxrGJt/ElI3bo6i1PsrjzDipWOSkO3FaRTRpa7gx:aWlo/OeTL5kqJEqusrLipWOSxoPMcx
                                                                                                                                                                                                                        MD5:E7CE14171EBAD4B5EB07FB8A70E65F09
                                                                                                                                                                                                                        SHA1:13A0EF7C70413B97BE94C5537F8704123BC2EE28
                                                                                                                                                                                                                        SHA-256:0BA0B3D297B7A2AB57110F1E18728CD18100B6A6E7F8EB3784D8BD44F3A5ECDE
                                                                                                                                                                                                                        SHA-512:8BD03D0388E8860E85D7B9FCCFCA0D6C41AEC3EE85BB06BAABABE271A8CA03122023F76EFF8FE12F5E15F275F2EA2E2173733D56436E6C38DF4115DD6266F3C3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/poster.712f34ab.jpg
                                                                                                                                                                                                                        Preview:......Exif..II*.................Ducky.......(.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.2-c000 79.1b65a79b4, 2022/06/13-22:01:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 23.5 (Macintosh)" xmpMM:InstanceID="xmp.iid:A0B87D03944A11EE8656EFD4C33CE12A" xmpMM:DocumentID="xmp.did:A0B87D04944A11EE8656EFD4C33CE12A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A0B87D01944A11EE8656EFD4C33CE12A" stRef:documentID="xmp.did:A0B87D02944A11EE8656EFD4C33CE12A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.....................................................$$''$$53335;;;;;;;;;;.............................%......% #...# ((%%(
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:y:y
                                                                                                                                                                                                                        MD5:81051BCC2CF1BEDF378224B0A93E2877
                                                                                                                                                                                                                        SHA1:BA8AB5A0280B953AA97435FF8946CBCBB2755A27
                                                                                                                                                                                                                        SHA-256:7EB70257593DA06F682A3DDDA54A9D260D4FC514F645237F5CA74B08F8DA61A6
                                                                                                                                                                                                                        SHA-512:1B302A2F1E624A5FB5AD94DDC4E5F8BFD74D26FA37512D0E5FACE303D8C40EEE0D0FFA3649F5DA43F439914D128166CB6C4774A7CAA3B174D7535451EB697B5D
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://h.trace.qq.com/kv?attaid=05700050920&token=3619167286&topUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&pageUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&domain=im.qq.com&channel=0&from=2&version=1.15.2&platform=&kernel=origin&_dc=0.5179496214337087
                                                                                                                                                                                                                        Preview:..
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):271
                                                                                                                                                                                                                        Entropy (8bit):5.077273104025034
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6:h4QW3z6Ie/KYkUbU7AqJmOs43Le4mYn1K+Mch0MwWXfGb:hPgzG/A2UEqJmDujP1K+MCL1Gb
                                                                                                                                                                                                                        MD5:033D4A8324DBCD62BE77466E5C21EA02
                                                                                                                                                                                                                        SHA1:F618C5B81A86E0BEDD2D240D987923066CA21A75
                                                                                                                                                                                                                        SHA-256:4A7662449EDCBEDBADB613E882544D8FE4B1E5DA5649744B4833707711589DB6
                                                                                                                                                                                                                        SHA-512:69418A83BE25CCECE9DA50C0CC1CC9D4A63F7845FC670CCFFD2EB92A6D1167F265A60A9AEA528109147DFDF954689B899A560EB75EF0EF035DD254A3D375455B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://im.qq.com/
                                                                                                                                                                                                                        Preview:<!DOCTYPE html>..<html>..<head lang="en">.. <meta charset="UTF-8">.. <title></title>.. <script type="text/javascript">... //BJ_REPORT.tryJs().spyAll();.. window.location.href="https://im.qq.com/index".. </script>..</head>..<body>....</body>..</html>
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):62227
                                                                                                                                                                                                                        Entropy (8bit):7.985539475072989
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:mhm4eCgiAhaEqHlzLnx5X6Hz/byL3nS+eA/UMZ+kIdoup5YcyxEdgn6qPoDa:mh3jNRLDS+++e9IQp5cEdCQm
                                                                                                                                                                                                                        MD5:2C24916FCB318129CC24AF2A9ACA8D3D
                                                                                                                                                                                                                        SHA1:F7814B79D0EDF290A36B9C3BB12EFE5E972191B1
                                                                                                                                                                                                                        SHA-256:3375D3627D1022D14AED431ACC3495F376AA40F2C71A2FEB0AD1B5524615666B
                                                                                                                                                                                                                        SHA-512:C7967C2BCDC955D524DCE80FBB9A1D547694B5A6085B8DB5D297EC3410DB97DA37C300ED284F73FC45127FD8079FCAF515A02D540C086A599A72F3682070C6A6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 248, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):57081
                                                                                                                                                                                                                        Entropy (8bit):7.985896019418537
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:edxFhMvVUhpos+XmSr05cvlHrezI+CIlhnZUDh:dVUhuj/0uycKNZmh
                                                                                                                                                                                                                        MD5:1E7C5EADB5E51E5F94DAF988419923DD
                                                                                                                                                                                                                        SHA1:A4C0FB87B0AA1B1C9D7944C2B5855BCD3ACE5F8C
                                                                                                                                                                                                                        SHA-256:25839FB3D654A4D8ECE9223531E4B8BF9DB30A125038E3D5F0F737D9CA3D0E3B
                                                                                                                                                                                                                        SHA-512:9CE5E57AAAFDEA324575A96D4FE8BBCF5A935F0CD2721374A814FB345033FFCF87CAD8FE698D59ACDC97E3FE0661B49962E54953BD47D7B98B7C2EE737F33AE9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):35833
                                                                                                                                                                                                                        Entropy (8bit):7.968432364063312
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:uRzyOy/ma+XXWqSA86MlBjK3ybYd1okZiwF:um/VEhMlB2ibYdBMwF
                                                                                                                                                                                                                        MD5:B3B6BF49A0DAC771E6231C8ED7B50B7D
                                                                                                                                                                                                                        SHA1:7D08C613473985C3DAAF49EC38066202D823565B
                                                                                                                                                                                                                        SHA-256:70D372944A2862902B182B09E2E6EAD81242FED2BB7E9C01448735C63A230F20
                                                                                                                                                                                                                        SHA-512:093EA5D747DFB9822A52A969982789A03DE9311DB21E7E4AB1DC70A87EC35A2C87148F1121552C8006CC40FBD74567C2280BE9125AE5DF8D5CFD7B6E4CA5F073
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/role-jy.26b790ff.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 146 x 146, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):14148
                                                                                                                                                                                                                        Entropy (8bit):7.978254582428027
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:q1GHKV3Zd0HakeHlNl6EbGLXIHWZUhwsXg+:OGHKVD8ZX1Z92
                                                                                                                                                                                                                        MD5:479DB0F10762671239DAED3178E75A46
                                                                                                                                                                                                                        SHA1:D83E281B5609D98ACA781976C00B8E17A0920038
                                                                                                                                                                                                                        SHA-256:3E206D38432A886D92CA15AB44C1B94CDE12D819C668B8ACA8D88D9701EB00AB
                                                                                                                                                                                                                        SHA-512:CC0B4CEFB63520C9DFF4B02518A25E00F0F7EC4BB29DB229C4E0EC0D9E87E66044E2D51C4F60F7ED92459B436ED93DE37E0DD6AC0EDB5FBB83ACB15020CACD18
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-9.32e87ba4.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):78041
                                                                                                                                                                                                                        Entropy (8bit):7.994232648382918
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:1536:IKiW1ekBKCgKIxaAgkCgeCZwrDe4f+XwyISuI5ofFDRUI5K3dos:IceCgKGlgkMPrDe4fNkofFDRUj3P
                                                                                                                                                                                                                        MD5:517898A28FDC274A85B7D9CAC871418C
                                                                                                                                                                                                                        SHA1:DC4515A9663955E842D8BD4083B5CB1095779BED
                                                                                                                                                                                                                        SHA-256:5AA735F3747384609123A6FA0E7372D79A66D62EDFCB15991DDA844F146D5802
                                                                                                                                                                                                                        SHA-512:6EC89AAE3FA1C9C1D44B4A0EA20D6E6A82AADD93B03B8C0CEF0C1C6C668F3AA12E29CA3C24606F96607D3C7F7C8DE1545D38384B052B3B57A5096DD6519B90D2
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-8.2357f6e0.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):52214
                                                                                                                                                                                                                        Entropy (8bit):7.963521995118885
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:xSUQwGp/aTECMyhE3H8qlJcGlHA6rNMLwSaS:xSf3gXu3H8qliWgVLQS
                                                                                                                                                                                                                        MD5:F1FAB1492D70D6799DD575E5ABB3CA90
                                                                                                                                                                                                                        SHA1:8EF7A9C5CDFBEB5FE208E8E5201C499344347CDB
                                                                                                                                                                                                                        SHA-256:60982CCB8E7BF5D7D20E13F57ECA9ABDCA3063BAEDEF07E432CB91865F2A284B
                                                                                                                                                                                                                        SHA-512:5A8F378E7E9FFF01C2A9264484575AACD62C30F98ABF9EDC02603FF49D27E0FF37284DDE78C47630CC62BE376280ADA8F18AD01D9DFD8076B51E55764AB4D9E5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-13.5bb4e455.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 200 x 174, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):8768
                                                                                                                                                                                                                        Entropy (8bit):7.922964844859828
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:QAhB8Ztl/3eu6Ot83RG1xtCwpcovaxOJwZKh6zEtFtc9KrQE:QiqZ7T6Ot83RiZnvuEw0pE9Kr1
                                                                                                                                                                                                                        MD5:80E85FEBC3E5B7494B1FC825B13ED505
                                                                                                                                                                                                                        SHA1:4B1CE6AE606721284C1A9C28FFA96F0731B4A5CD
                                                                                                                                                                                                                        SHA-256:98E2DF484E9DA9002CED06EC0C5EC5FA2B97BDA21E7390D75C543EBD45A70666
                                                                                                                                                                                                                        SHA-512:509B3513131768FE0A5BCB08F942D00FF2C2AE3B2EB840906D66E067D727E8F0F28F8494F7EDD38510C83CE75C09B435800F9C963F7B281B0ECDE802412B8B76
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):11002
                                                                                                                                                                                                                        Entropy (8bit):7.9776073354641674
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:A42SVjLW30Z//kSr0tG8GaehbHCPSRRl/e5/PHeVxoHAiZIRb6jdQzaVtzc8Ybxt:A4ZVj12ShazR5XeroHmRb6jdoX8YbxMw
                                                                                                                                                                                                                        MD5:D70DED7A0C0898BF1430ECF1D45620DE
                                                                                                                                                                                                                        SHA1:550289501C2DF637C0278092CE126793C57B83B8
                                                                                                                                                                                                                        SHA-256:2B8442D43FE84FBC1DCC64A970CF92C65E6DDB5D52159A7972BB427247C99D67
                                                                                                                                                                                                                        SHA-512:B3E07E5739CBF7D158BCA701591AA3CC1D49636705F1E5A4BBCE3B6629362727CEA6DA4F22382110496B7478F2E75F20E30D3046DB962580FF51D5E348C85019
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 795 x 1537, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):542510
                                                                                                                                                                                                                        Entropy (8bit):7.982870793616109
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:ghWGsIHttizdlq40Q1XUVAAo0B+EmJK6HOiQN8PtJOx6GFiEe:g5tqXyG0B+LI4ntUFch
                                                                                                                                                                                                                        MD5:01F2EF8C6EAD93573EF6B0F02174B65A
                                                                                                                                                                                                                        SHA1:D96ABFC9DAE3353B67C1F442865577B14C950B4C
                                                                                                                                                                                                                        SHA-256:52E9890D61E298CE3E7A68E22A7A22719AD34CDB590B60EAD170281CD9D39948
                                                                                                                                                                                                                        SHA-512:5351C8BDD1F46636C49A2A08A08720C33B878B233E7C7328EB8F9BC038B3280D3E58A4A65BBD740DA06F6707DFFD91E0D6D59BF297367BA148D63ADED37C4C6E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/page-2.9a3b1afa.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 152 x 152, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):19176
                                                                                                                                                                                                                        Entropy (8bit):7.983338413624944
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:GOlPWT70FVi7oViVO9eJaFIntcJrlbNoldw9OBh/esTTrVz:GOlPQ7e87W9eJaKtA5mldf//1TTrh
                                                                                                                                                                                                                        MD5:B8B3AC9B2ED87863B567118CC18BBD15
                                                                                                                                                                                                                        SHA1:AE314CBB019CE1710D39EA0FC4EA23D60D177A70
                                                                                                                                                                                                                        SHA-256:15DC12C46BAAC97C8665C5D40A3323BF7242F266FCF511E14C15EC138ADE546D
                                                                                                                                                                                                                        SHA-512:0A78C53541DD77E0BF14E5799F01CD75E39C9ED2A8A51A71FB9DF9F24A3C3D2C105BC6C7BF133855F5328B4F16F073BEB7F5530C29A4BFB8BD22DDDBA6D6643B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-6.1922815c.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):28
                                                                                                                                                                                                                        Entropy (8bit):3.8073549220576046
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:HeSHmn:HVmn
                                                                                                                                                                                                                        MD5:2F1B7ECD11027A3EB456F564D2285918
                                                                                                                                                                                                                        SHA1:7D556814804D309B847296EB929A8702DD7FA5EC
                                                                                                                                                                                                                        SHA-256:5ABCE29EB96232BBD0A5C279F657CB029C418CAB6614ADD54D0844C4CEA6D435
                                                                                                                                                                                                                        SHA-512:A125EF654538E41C8FBFF150389B0011C77DD84E089FE0BD14D1F22CA72D619B0EA801E958DCEB642A7AFA1F80A05D375DAF81174F172F482F520475E8F601F3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzQSFwmvaWfNMuYq0RIFDQbtu_8SBQ0G7bv_?alt=proto
                                                                                                                                                                                                                        Preview:ChIKBw0G7bv/GgAKBw0G7bv/GgA=
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):59873
                                                                                                                                                                                                                        Entropy (8bit):7.975051851127102
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:RsP+dBO2mkqldbtMDjJkoyfiP8HMJE43RVRTvlkLwTXuL55WBU5W6EL3IDQfCWSr:emdBHmFlJtsafpH5wRLGqud8h87Lk4
                                                                                                                                                                                                                        MD5:CA542FDC551D6A47773C942ABA49E1EF
                                                                                                                                                                                                                        SHA1:C5E4AD7B86B6FF99AC8ACB6CA5AFE1DB3014040C
                                                                                                                                                                                                                        SHA-256:7230FF37FA7BF159A3A483EDEE96D61C533D6EB3299FEFB7277B1BE4CD7C850B
                                                                                                                                                                                                                        SHA-512:4D57930AF3A1C5D9FD3BC1B86BEB14CC553697E37A45AFB1C4D5C59B1F3A4420E7114DCA138F7D76377030F526D6BB30470551F3D33125CDA5C24C839587CDD9
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-7.12c86460.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 644 x 1394, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):500143
                                                                                                                                                                                                                        Entropy (8bit):7.997463471995346
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:12288:wM/RXIaQptkpRnquUoIGaezl75XXt/cBNVPBwaR:wOIqHQVC7pXtUdZL
                                                                                                                                                                                                                        MD5:C99A57EDF453AD280BE2101ADFF1A8F4
                                                                                                                                                                                                                        SHA1:550A742C9D7856DB62CFCCDECB43DCACE7D758EB
                                                                                                                                                                                                                        SHA-256:87ADA15169D408E2AC3F82E6AA8B5C337398AFDBC6619E8409B40C2CA17CFD46
                                                                                                                                                                                                                        SHA-512:F148866610B2BCFA805544AE9EA2E54B0DD3323AA89DBD913AB4019B5862564A6C2159ED464BDB7B6A454134A407B39543A905331E55806AA884282950D9DCED
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 146 x 146, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):14148
                                                                                                                                                                                                                        Entropy (8bit):7.978254582428027
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:q1GHKV3Zd0HakeHlNl6EbGLXIHWZUhwsXg+:OGHKVD8ZX1Z92
                                                                                                                                                                                                                        MD5:479DB0F10762671239DAED3178E75A46
                                                                                                                                                                                                                        SHA1:D83E281B5609D98ACA781976C00B8E17A0920038
                                                                                                                                                                                                                        SHA-256:3E206D38432A886D92CA15AB44C1B94CDE12D819C668B8ACA8D88D9701EB00AB
                                                                                                                                                                                                                        SHA-512:CC0B4CEFB63520C9DFF4B02518A25E00F0F7EC4BB29DB229C4E0EC0D9E87E66044E2D51C4F60F7ED92459B436ED93DE37E0DD6AC0EDB5FBB83ACB15020CACD18
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999622422416069
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:QKYdzGoczXhbmKJP9+8o5J4ovbVphkMYCsb7nTHHT/AleFPt3u:QKYhuzxRJP7ooozVpeMdmnzHsliPNu
                                                                                                                                                                                                                        MD5:0BA6BCD14E92599669CBFA864186A57A
                                                                                                                                                                                                                        SHA1:FE68D6FBDF72285D4A6B6FB59F4C308A62FB536D
                                                                                                                                                                                                                        SHA-256:B9D49437A8FDB6584DED5BE989F932D66E80AEB0076B936421B514F3E1FBFF06
                                                                                                                                                                                                                        SHA-512:980F688F4D57DF197CD111DBED5051E27D5E35075DE2A3938C4517D7A00E44EA57E5B45F4B8B3569491A55F45CF44E804AE95AB78DCA9D7C3F3400731DF94E1B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:4
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1076, components 3
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):81925
                                                                                                                                                                                                                        Entropy (8bit):7.712420480647295
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:GmWQQjVmtXMAQ2cs/Q4q5/6swII60eNUAarYphHkreGJBN1mwmo:QQrtXc2MrYIIdmRjptkr9BNowR
                                                                                                                                                                                                                        MD5:7B0ABE7BED4DC357226C2C4BDABCEC2D
                                                                                                                                                                                                                        SHA1:53463626DA4CCCCAE2962274619A022B4563A1CF
                                                                                                                                                                                                                        SHA-256:1A3C2CE9B513F5074C412351839D0D1A0ED84DDCE04BA30AA21A1DCF4DB4D523
                                                                                                                                                                                                                        SHA-512:9EEC358DF3828E5F3FF549359495F7F7F70FA378A8921ED73C7C1118725A21FC4B1C59121047578457AEE16E6EA486BCB0FEC34D17C7B51942F5ECF48D00DE2A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9_introduction_poster.jpg
                                                                                                                                                                                                                        Preview:......Exif..II*.................Ducky.......D......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.3 (Macintosh)" xmpMM:InstanceID="xmp.iid:84972B9E904411EEA99AE0B90F894467" xmpMM:DocumentID="xmp.did:84972B9F904411EEA99AE0B90F894467"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7C573D7F901111EEA99AE0B90F894467" stRef:documentID="xmp.did:7C573D80901111EEA99AE0B90F894467"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..............................................................................................................................
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:OpenPGP Public Key
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999605959277708
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:H/kmGjt6aMuy/sbcrBB7Ewd33A/J7gO+4daD3mwh2FZ4w+B:H/klx6aMubbozD33AaIYDBhsZ4w+B
                                                                                                                                                                                                                        MD5:BB0B360F2011D60B066950F64FD155CE
                                                                                                                                                                                                                        SHA1:C312997B7A77157C038E440A87C9D91170FC5879
                                                                                                                                                                                                                        SHA-256:488A9E136B841281F72A3A50082769073D53AC8772461638AD808E27DA8BB670
                                                                                                                                                                                                                        SHA-512:2B36A2EB5B7D868132547F483758C31100EC0FEAEF510FAB9EE8C5E767796FA31F3174AAFDFD7EDA1A2E25AA50CBAE51D8EBCA4B8E2CC93F96EAAA1C22DB2986
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:7
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):53552
                                                                                                                                                                                                                        Entropy (8bit):7.957624598794933
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:pOhnzpYr0Vl0+0oe2wWkshEJarHNjpB/TvoYgUHhzwp2G7cZWd8MixCRpKYFjAcj:UhnzCa9PF2o5ProcHK2YcZVCbKYBAcJt
                                                                                                                                                                                                                        MD5:2BA7372C1CC901630FCECA0F23915FFC
                                                                                                                                                                                                                        SHA1:F317EBB8E6D879F668357AB8240579028A67CD59
                                                                                                                                                                                                                        SHA-256:8C69F057FB44E6A4E9F51B9E6DB35CCFE7FA089FFFBE266CEBB3A502379959C6
                                                                                                                                                                                                                        SHA-512:AFA9724E6258ACB6295E15B16A03197BD4AD3CADAF764E1A3587A7E67A1A138E4A16C71C54495063610D5737C834DB0B2B2C8862419BD8BE11300946ECC8EA6F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-4.cf504f86.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 323 x 108, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):14758
                                                                                                                                                                                                                        Entropy (8bit):7.977532405504438
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:gnEPGtlyJPY1ujvePNBsUyBBsLmd3IPr4WVfK0zR4lgG/8b9dQ24Sd/A450tyCdS:gnSGtwWQSVqemdQq094lKptCjQ
                                                                                                                                                                                                                        MD5:1C27C52714AF312A8698B26AC8615E25
                                                                                                                                                                                                                        SHA1:762F8ED472CCB3C7BDDEEC0BB61A29D262F33CC4
                                                                                                                                                                                                                        SHA-256:3B12CF3572945F32D7CFF79A0DCE732A78F0527BFC1B86AF34ADA79F34CC72F8
                                                                                                                                                                                                                        SHA-512:E317213952FA7FD49BF71E1BF7B79357FDC519E2EECA89ABF4AC8D9AF7074613BFAD617F8FBF38604FD67994B9C91C7E8B58E2B78019FE5514AA827D7800D1D1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/qq9logo.2a076d03.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):71635
                                                                                                                                                                                                                        Entropy (8bit):7.96894871105753
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:RppHnC8DL4KgdMu8m42e3X9e+CA+4Z5xZKtJLJ5mCB9EWizMv:R3nCsL4VdD8V2LA+m0rLvmG9dizMv
                                                                                                                                                                                                                        MD5:4F355848BAA5C5919CAE6C6B848396F9
                                                                                                                                                                                                                        SHA1:FDD7093F94E6024F1C4755AB29D7BEE6CE15791C
                                                                                                                                                                                                                        SHA-256:50133CDAE17EE8E49099E7DAFF2F72C8EDB83A452C507D464259E5D6BAD4D7FA
                                                                                                                                                                                                                        SHA-512:CB5D9619708F1AB3615174630C1ACF1ACFDE3E725A87C26B56188F65B8A8FCB2CD74B6FAB8D3129AF794615758F7D14D19E69616982C75B0581421229B194056
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):58
                                                                                                                                                                                                                        Entropy (8bit):4.178945167795604
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:YXCA/7DgHfe3nLTQaWJDgLcYYn:YyA/7s/AFWJDgLc1n
                                                                                                                                                                                                                        MD5:7C80C87F763075D7C8C369A48FB112FA
                                                                                                                                                                                                                        SHA1:32AF99D18AD24800CA024C00674B6947CCED5B5E
                                                                                                                                                                                                                        SHA-256:BB221A7E60F804731D8965873F7826F750F4DEF4ABBE5B3BF132A9CE4B5E636E
                                                                                                                                                                                                                        SHA-512:ACAF77790AFACBF1CC42C806E6850E3E75EAEA5884446DCE2734E91E6CA68169ED08B9F83C189AF7660C01DFF7895152E9186AF187F4A12244C2ED653846F835
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://aegis.qq.com/collect/whitelist?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer=
                                                                                                                                                                                                                        Preview:{"retcode":0,"result":{"is_in_white_list":false,"rate":1}}
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 537, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):53918
                                                                                                                                                                                                                        Entropy (8bit):7.967764757896754
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:J0sY0OWIXy1iBm14ZDl453WtXIFchYgIoZkmiHS:nriA4Zu53WtXI8bkVHS
                                                                                                                                                                                                                        MD5:8A85AF6CFFF1363A4E9929184FCF95BA
                                                                                                                                                                                                                        SHA1:AB3AFA199DA9B52067B4EF608AE3392BAB51FD69
                                                                                                                                                                                                                        SHA-256:5A45C326B7F38945F2DA4CE282C29DC36C995EF27AEA10C057F051EB1F54021B
                                                                                                                                                                                                                        SHA-512:63EFFAA3BD0E8EC916A289ED73D520414D4AF5E1E942D54CEAAA4501499060B3D04C51B56F2736251C064CBFAC9A51825041F4FA99934CF64F9A413E1FF7CADE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (31721)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):31768
                                                                                                                                                                                                                        Entropy (8bit):5.224788353742077
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:+Sl3u9OjQjQxDBjb2F7IyUouK3wBZ8lGz+tHWSOGoDAfilZuluh+zZXQ1KbpQPUr:1ZjQjQ36uoX2pvYmsUwr7dEAZf
                                                                                                                                                                                                                        MD5:78CE85CF25B73A3E634DCBF283F5C4BD
                                                                                                                                                                                                                        SHA1:8970A0B36D915D86652A8E760016E41DB37CEED3
                                                                                                                                                                                                                        SHA-256:1D3877307B44C0898E5EB8E51F862249958FE6411EE86F36640387F622C104AC
                                                                                                                                                                                                                        SHA-512:35744F5B856DB405C875CE05DDD4BCC9253306231566D26866E0594E1C2B02D2DC6A84F75CFF0FBBCE02FD133D369A31B1DD9533A3A4E97FDA4933AFDAD8229C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://beacon.cdn.qq.com/sdk/4.5.16/beacon_web.min.js
                                                                                                                                                                                                                        Preview:!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define("BeaconAction",e):(t="undefined"!=typeof globalThis?globalThis:t||self).BeaconAction=e()}(this,(function(){"use strict";var t=function(e,n){return t=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}||function(t,e){for(var n in e)Object.prototype.hasOwnProperty.call(e,n)&&(t[n]=e[n])},t(e,n)};var e=function(){return e=Object.assign||function(t){for(var e,n=1,r=arguments.length;n<r;n++)for(var o in e=arguments[n])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t},e.apply(this,arguments)};function n(t,e,n,r){return new(n||(n=Promise))((function(o,i){function s(t){try{u(r.next(t))}catch(t){i(t)}}function a(t){try{u(r.throw(t))}catch(t){i(t)}}function u(t){var e;t.done?o(t.value):(e=t.value,e instanceof n?e:new n((function(t){t(e)}))).then(s,a)}u((r=r.apply(t,e||[])).next())}))}function r(t,e){var n,r,o,i,s={label
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 243 x 243, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):8670
                                                                                                                                                                                                                        Entropy (8bit):7.87551147076075
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:SmFo2tPjYj5vYPrkZPqz3V9VE1iFYVKx85EyKnqS5EvQjs+:SKombYjW4A77RFYVKxEU2vQn
                                                                                                                                                                                                                        MD5:045BAD5526851F2D14DF3BDC67946623
                                                                                                                                                                                                                        SHA1:40106348D7139EEC4C91C9C25645883F18648080
                                                                                                                                                                                                                        SHA-256:D6BEFCD61EBA657E81A623A45EF30695B9F436847D13ECF9362AFD522B93A006
                                                                                                                                                                                                                        SHA-512:3ADF77F149D974172435756797D0BB3E313141FC850EF6AE4D6E40FCB4993B22DB4376E881DB13B4FC1A822956AADB82A25DAAA4571FCE8F2FF199DB78815822
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3050)
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9409
                                                                                                                                                                                                                        Entropy (8bit):3.8627449454505975
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:KvkADp0wXlhMnEXb74PtkADp0wXlhMnEXb74PPkADp0wXlhMnEXb74Pe:mrbXlX741rbXlX74nrbXlX74W
                                                                                                                                                                                                                        MD5:AF8675A61A81E9941A3CB303E4FD987D
                                                                                                                                                                                                                        SHA1:6E72CDF2677356CA4D7AB8B99E544042F43D6D7F
                                                                                                                                                                                                                        SHA-256:65A5FE2D566AF66945F50B6B3A428B01932C9F585EF251D2594100CE786F87B6
                                                                                                                                                                                                                        SHA-512:638221A4F5D6D930C01D9F71025CD06E7EA1D33ADC1667A5BD80F6CD37564E350D2F2F23E1B53E6CE264250112B4C2D4FB5F3A906DBB12CA6825E1F40C764C75
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview: <svg width="971" height="292" xmlns="http://www.w3.org/2000/svg">. <path. clip-rule="evenodd". d="M105.756 264.757C130.013 280.641 158.54 289.132 187.73 289.157H351.498V249.96H288.875C301.838 238.074 312.526 223.967 320.389 208.298C330.308 188.53 335.468 166.803 335.47 144.782C335.476 116.227 326.826 88.3107 310.616 64.5635C294.405 40.8163 271.361 22.304 244.397 11.367C217.433 0.429948 187.759 -2.44079 159.128 3.11769C130.496 8.67617 104.192 22.4143 83.5408 42.5953C62.8894 62.7763 48.818 88.494 43.1056 116.497C37.3931 144.501 40.2961 173.532 51.4475 199.922C62.5989 226.311 81.498 248.874 105.756 264.757ZM187.878 249.96H187.861C166.589 249.964 145.793 243.798 128.104 232.239C110.416 220.681 96.628 204.251 88.4855 185.027C80.343 165.802 78.2113 144.648 82.36 124.238C86.5088 103.828 96.7515 85.0808 111.793 70.3665C126.834 55.6521 145.998 45.632 166.861 41.5735C187.725 37.5149 209.349 39.6003 229.001 47.5658C248.652 55.5313 265.448 69.0191 277.263 86.3233C289.077 103.626 295.38 123
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):55620
                                                                                                                                                                                                                        Entropy (8bit):7.974861509667521
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:3lkPULDSHgd2kbXfYzmBG4TFvRSRFpFC/Qixz2CFTYQVudXBCz0gSTHLKCDigKgX:KrMjfdxzSO/QqJrurA0tL3Digfs6E0
                                                                                                                                                                                                                        MD5:798149665DD41BEBFA1A29B345D8A887
                                                                                                                                                                                                                        SHA1:6C36919B12772F406A1E461ECFAF5EA8B208B18C
                                                                                                                                                                                                                        SHA-256:3E9BABE314BE382C18E2E5C1D4E0914475AAFA0712717A8722181521647672D8
                                                                                                                                                                                                                        SHA-512:D9C38A4811EA78BAF6838F423638E1547EAF42B3D9403F71B4E3D2F0C715397043AD902F51B931A992531ED77DEBEDCC1548D1D9A4FA5EAD2D8EC09CDF6E6E34
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-1.45f490cc.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):357269
                                                                                                                                                                                                                        Entropy (8bit):6.109071633909067
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:6VBDegE7nse9Ms9hDSveF7krMg4MUe+eJnErHgj8z0zO/A9eJ:6VBDegE7n/hDSWJ9g46+etEcj8ozO/A+
                                                                                                                                                                                                                        MD5:BC853EE8A743232DB54AC24B4526473F
                                                                                                                                                                                                                        SHA1:EA459CED0A383AEEEBE3FC0CD1AC4D446145015D
                                                                                                                                                                                                                        SHA-256:802453C4800B33829F970D03971A9C33AC9D19E310996F2E865C310A9997053C
                                                                                                                                                                                                                        SHA-512:E51114223E3F9DC89D4A8F921AA472E298D70240B6595FEC4DF16FD3FCA0235F39BF9F98B26F9B88CDA6C0D9F37703EDEDCD905AAEA6D9D133CC8BBC7DE732BE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Preview:.max1600{max-width:1600px;min-width:1007px;margin:0 auto}.topbar{position:absolute;left:0;top:0;width:100%;z-index:900;border:1px solid hsla(0,0%,100%,.08)}.topbar,.toppic{height:64px}.toppic a{color:#fff}.toppic a:hover{color:#09f;font-weight:500;opacity:1}.topicfixed{position:fixed;left:0;top:0;right:0;width:100%;height:50px;background:hsla(0,0%,100%,.8);-webkit-backdrop-filter:blur(6px);backdrop-filter:blur(6px);border:1px solid rgba(0,0,0,.08)}.topicfixed a:link,.topicfixed a:visited{color:#333}.topicfixed .logoLink{height:44px;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIcAAABICAYAAADcWeZrAAAACXBIWXMAAAsTAAALEwEAmpwYAAABZWlDQ1BEaXNwbGF5IFAzAAB4nHWQvUvDUBTFT6tS0DqIDh0cMolD1NIKdnFoKxRFMFQFq1OafgltfCQpUnETVyn4H1jBWXCwiFRwcXAQRAcR3Zw6KbhoeN6XVNoi3sfl/Ticc7lcwBtQGSv2AijplpFMxKS11Lrke4OHnlOqZrKooiwK/v276/PR9d5PiFlNu3YQ2U9cl84ul3aeAlN//V3Vn8maGv3f1EGNGRbgkYmVbYsJ3iUeMWgp4qrgvMvHgtMunzuelWSc+JZY0gpqhrhJLKc79HwHl4plrbWD2N6f1VeXxRzqUcxhEyYYilBRgQQF4X/8044/ji1yV2BQLo8
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999710489093819
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:ijp3A8uQJJZQ15iVv4Q4g2sb3x4g50x+CE3baf6c:CNJJeXiVAQAsyu0x+3bQZ
                                                                                                                                                                                                                        MD5:A4CE453A0A078C47A71F36C127360309
                                                                                                                                                                                                                        SHA1:C7BBE3ADCB258CDF51DB814DC7FEF7452E2D503B
                                                                                                                                                                                                                        SHA-256:869BE7C8F510F2F1BD9B8644650189A01A8AD9E3CA65FEE7CBFBBCD7E6A22D5F
                                                                                                                                                                                                                        SHA-512:FE1C18A0E55170FD589EAC5F6B3140580DD208B80B9B47BDA72080E8E80959EF53DA2652A1463B72204DC7AEF3A6E3342103F9C702C33FAF4A9944F6448B6991
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:f
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1076, components 3
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):81925
                                                                                                                                                                                                                        Entropy (8bit):7.712420480647295
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:GmWQQjVmtXMAQ2cs/Q4q5/6swII60eNUAarYphHkreGJBN1mwmo:QQrtXc2MrYIIdmRjptkr9BNowR
                                                                                                                                                                                                                        MD5:7B0ABE7BED4DC357226C2C4BDABCEC2D
                                                                                                                                                                                                                        SHA1:53463626DA4CCCCAE2962274619A022B4563A1CF
                                                                                                                                                                                                                        SHA-256:1A3C2CE9B513F5074C412351839D0D1A0ED84DDCE04BA30AA21A1DCF4DB4D523
                                                                                                                                                                                                                        SHA-512:9EEC358DF3828E5F3FF549359495F7F7F70FA378A8921ED73C7C1118725A21FC4B1C59121047578457AEE16E6EA486BCB0FEC34D17C7B51942F5ECF48D00DE2A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:......Exif..II*.................Ducky.......D......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 22.3 (Macintosh)" xmpMM:InstanceID="xmp.iid:84972B9E904411EEA99AE0B90F894467" xmpMM:DocumentID="xmp.did:84972B9F904411EEA99AE0B90F894467"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:7C573D7F901111EEA99AE0B90F894467" stRef:documentID="xmp.did:7C573D80901111EEA99AE0B90F894467"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d..............................................................................................................................
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 369 x 369, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):16731
                                                                                                                                                                                                                        Entropy (8bit):7.934811457314126
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:t6tUvgyafgNzKZjCbA87llmXyul0WyL0s87eab9tjky:Qtc2szQjmzLul0Debf3
                                                                                                                                                                                                                        MD5:FD86FD75E7DA848163C4B41CD0989D03
                                                                                                                                                                                                                        SHA1:1819060631186CF29B9C070E6B84941A7F075D2F
                                                                                                                                                                                                                        SHA-256:4690D37928F54D8FF0CEFC2CC93C8DF80E71C232BBAD2291D1A946994B571EC9
                                                                                                                                                                                                                        SHA-512:17BE335FDE8C08AE4F4726DB63B05F733598221D58CAC002BCD8E283985BD59C5288BB03B9B1F4024A8ACF5895E528C64A8214282F369A8B21FA7809BC9397E3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (46621), with no line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):46621
                                                                                                                                                                                                                        Entropy (8bit):5.928597281254282
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:SBL0qIKc1YFobig3K7EHoyA5xSa9TC9vcuMumXhPDs7zpBEyc90U8EyRIKsqa6Un:Q+zJHNxa9TC9vcHp6Eyc909EyRIK58
                                                                                                                                                                                                                        MD5:6292EE42E29E82B306DDA42A2E7E0E79
                                                                                                                                                                                                                        SHA1:B8F4F14E3AA453EA1FAA8AD12BD3A10E70B9FE75
                                                                                                                                                                                                                        SHA-256:F7A848FF37AFF9BBEC43A4B17D241A8FD85339731D870D4B299971A488FA8236
                                                                                                                                                                                                                        SHA-512:CBCA5B5361BA58709C0D4A14C4D1DEDC0A62BA1FF30F5020443CA31F462E0655E1F903099F9387B95FBA836037A49661BBE6C65BB243E1A3757753593FB53451
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/js/mobile.0d250445.js
                                                                                                                                                                                                                        Preview:!function(){"use strict";var e,i={2029:function(e,i,n){n(6992),n(8674),n(7727);var t,a,s,o=n(5010),r=(n(4916),n(5306),n(4765),n(9653),n(3396)),l=n(6623),c=n(4870),d=n(5678),u=(n(2222),n(7139)),v=n(5082),p=(n(1539),JSON.parse('[{"name":"\u6ce8\u518c","link":"http://zc.qq.com/phone/index.html","pvg":"immobile.menuzuce","datongReportValue":6},{"name":"\u5b89\u5168\u4e2d\u5fc3","link":"http://aq.qq.com/","pvg":"immobile.menusafe","datongReportValue":4},{"name":"QQ\u4f1a\u5458","link":"http://vip.qq.com/","pvg":"immobile.menuhuiyuan","datongReportValue":3},{"name":"\u5e38\u7528\u5e2e\u52a9","link":"http://url.cn/OLVsaa","pvg":"immobile.menuhelp","datongReportValue":7},{"name":"\u63d0\u4ea4\u53cd\u9988","link":"http://mma.qq.com/feedback/index.html","pvg":"immobile.menufeedback","datongReportValue":8}]')),g=JSON.parse('[{"name":"iOS","link":"https://itunes.apple.com/cn/app/qq-2011/id444934666?mt=8","version":"v9.0.17","icon":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGYAAAB+CAMAAADhhJSm
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):139706
                                                                                                                                                                                                                        Entropy (8bit):5.394870829759392
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:wHaVo+oo+NC9aNO4pqGqK3Sdl3hpMRgV1a8HxiWcRIZRvi9It8ixrwfRgK4HZqv1:Joo+EeZUK3Ip/4Ib4b991
                                                                                                                                                                                                                        MD5:4F1A32738E3BA3090BA80EF6787116F4
                                                                                                                                                                                                                        SHA1:11246335D790170AC9AC27B6597FEF01D8208B4F
                                                                                                                                                                                                                        SHA-256:C2632F43A3EDF5ACA12FBCD5B2358E505D4E378C6BB13D0EBE6536214187ADB9
                                                                                                                                                                                                                        SHA-512:FCC3C1AD61E431976CEF5932E7522E0AA26816E59AD43D525207D6B684CE1C88D7F54F1E6D8CAB7CFDD8854AD14443B2EB5B7FE991E184C4C25348657C4C978B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/js/vue-chunk.bc9c2585.js
                                                                                                                                                                                                                        Preview:(self.webpackChunkim_qq_com_new=self.webpackChunkim_qq_com_new||[]).push([[277],{9662:function(t,r,e){var n=e(614),o=e(6330),i=TypeError;t.exports=function(t){if(n(t))return t;throw i(o(t)+" is not a function")}},9483:function(t,r,e){var n=e(4411),o=e(6330),i=TypeError;t.exports=function(t){if(n(t))return t;throw i(o(t)+" is not a constructor")}},6077:function(t,r,e){var n=e(614),o=String,i=TypeError;t.exports=function(t){if("object"==typeof t||n(t))return t;throw i("Can't set "+o(t)+" as a prototype")}},1223:function(t,r,e){var n=e(5112),o=e(30),i=e(3070).f,u=n("unscopables"),a=Array.prototype;null==a[u]&&i(a,u,{configurable:!0,value:o(null)}),t.exports=function(t){a[u][t]=!0}},1530:function(t,r,e){"use strict";var n=e(8710).charAt;t.exports=function(t,r,e){return r+(e?n(t,r).length:1)}},5787:function(t,r,e){var n=e(7976),o=TypeError;t.exports=function(t,r){if(n(r,t))return t;throw o("Incorrect invocation")}},9670:function(t,r,e){var n=e(111),o=String,i=TypeError;t.exports=function(t)
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 223 x 206, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10534
                                                                                                                                                                                                                        Entropy (8bit):7.972168833531366
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:e/2Vsi7KFbmNSR5OZBzfILVeUVjBgCqXxGJhfpkvl5khLBNL1N61dRODFbd:e/2mFeowzfufVjBEYivvkhLnX61dROn
                                                                                                                                                                                                                        MD5:A1E07D3D8BB55DFC2F935D7F9728CE02
                                                                                                                                                                                                                        SHA1:6D2E229C15B8473419E0E7073D63042EDA7C09F9
                                                                                                                                                                                                                        SHA-256:8B8D55DAEAB9F04B425E058872184714ED1C6C1CB9DA644C7E43A0A2CA2B06D7
                                                                                                                                                                                                                        SHA-512:6CCDEB90D25AC0F24A8C28F78C9F082C77BDFD7A3555F6CF5C1E81E19A1972B69A8DF2EB2BD8C913CA540BCDA3B931534144C5AD714BB7CC476D656546F8DF9B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):53795
                                                                                                                                                                                                                        Entropy (8bit):7.974223305065804
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:WCCly8m2oGlDoCk89ALyWWN6/d2Ru3t1c:WLly8m7CbmyWZgRkt1c
                                                                                                                                                                                                                        MD5:E45A512CAF1BFECF4C9BB018BF791B58
                                                                                                                                                                                                                        SHA1:7D56230FF5E552C828CEFCB4D1ECF8BDF0062548
                                                                                                                                                                                                                        SHA-256:4DC833994645A107E10E6C346D5C5E72E792E16080BB5831559B1F83A32F0C92
                                                                                                                                                                                                                        SHA-512:DE95613C44D4AF54106BBA642639744D5BD5D25107478F5E540103391DC8F7589F050DB706D9F915AE67F937D06FE89846BB63E0FFF2C2F6BFE5F2D2DDEAFC65
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 243 x 243, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):8670
                                                                                                                                                                                                                        Entropy (8bit):7.87551147076075
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:SmFo2tPjYj5vYPrkZPqz3V9VE1iFYVKx85EyKnqS5EvQjs+:SKombYjW4A77RFYVKxEU2vQn
                                                                                                                                                                                                                        MD5:045BAD5526851F2D14DF3BDC67946623
                                                                                                                                                                                                                        SHA1:40106348D7139EEC4C91C9C25645883F18648080
                                                                                                                                                                                                                        SHA-256:D6BEFCD61EBA657E81A623A45EF30695B9F436847D13ECF9362AFD522B93A006
                                                                                                                                                                                                                        SHA-512:3ADF77F149D974172435756797D0BB3E313141FC850EF6AE4D6E40FCB4993B22DB4376E881DB13B4FC1A822956AADB82A25DAAA4571FCE8F2FF199DB78815822
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-8.18097ed7.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999612613283304
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:jfmYkmtd3Af+UtTpeVTlMFF/pAgDDoS08R7o+QB:6k2+UtTp0+FfdL+xB
                                                                                                                                                                                                                        MD5:3CCBBFFE2160C5EB2647D36B5AACE943
                                                                                                                                                                                                                        SHA1:88AC25BF4A3650FE7F781117EDCC69E4DC12FF7B
                                                                                                                                                                                                                        SHA-256:B97CA158A2017568E54F29B88FE6A86759F15377144107BC5AA79DFA8C962EE6
                                                                                                                                                                                                                        SHA-512:2E7460EDC54FD19687CEAA5C5D36D0EF4736230740A39153EAB7590A563EC2509CF6942EE315569136504383E76378CA4AEE45DBB18F139B22A6FD9B24A7C5D8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:d
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):33514
                                                                                                                                                                                                                        Entropy (8bit):7.959490679912619
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:p0cnHDvCJkiBf4sQu1N9RfIrxg2bSl1u5D+TF3AGWiLDTh:p0YH22cff3fZQbSfSD+TF6iLDt
                                                                                                                                                                                                                        MD5:B50E3305D3EF24787D34A0F86A9FDACF
                                                                                                                                                                                                                        SHA1:A698ADB59DCF9D9620740555AE121BAFFE9D464A
                                                                                                                                                                                                                        SHA-256:1768A03E093969E1C23C41716E01BFBC05A09D027BB857BF575C0FA8A044C595
                                                                                                                                                                                                                        SHA-512:71ED500745DC9022DDD43DFB699243BBF4B24F3EAA6E0615B316EDCFE99D673BDA0C328312478789D241E49C2B3B5A57FA84D57E6A8C68D0AF11723C597066A4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):34850
                                                                                                                                                                                                                        Entropy (8bit):7.97508088854308
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:08UOOsZBoSdrXgf/mz+KOGesdq3xNeBG5GUEB4r:iO7oSC/mCbI+HoINCy
                                                                                                                                                                                                                        MD5:39E35891E9266850A457CB7B868C3760
                                                                                                                                                                                                                        SHA1:562C2FAA7DD1DF7D34DF09146E2058A5F8CFED6B
                                                                                                                                                                                                                        SHA-256:3768E6BCAD89790FD98B0E234AB256DFDA9654646060D672A8686207494DF7B2
                                                                                                                                                                                                                        SHA-512:6C0640E08525989DD15F07282474002A806C8AFACBFE7888E40FB876C7179CD6025D90B9781DD966CCACDE16FB1774E1F1A99652BADAAF68C2F69C996E6F1548
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/role-ql.44e6743e.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):47110
                                                                                                                                                                                                                        Entropy (8bit):7.976803512948249
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:9L/Dm1LC5bpkhvjZFXEHBWDiR6QvYUs1TC+vLyq7TeZLWYTEeNbZcib/jppeR8GB:dmRC5bpkhVFX/2k1TAcyTzJdXpAJ0jKz
                                                                                                                                                                                                                        MD5:2AB8F5C5A6C57CE00974E904430044B7
                                                                                                                                                                                                                        SHA1:DE1C4F98727E300F9F491CAAFD9435C8EEFB8B35
                                                                                                                                                                                                                        SHA-256:4B320A69C7597D83F9F331A715BF923613181AF8AC32D014EC40E28B0C6880E0
                                                                                                                                                                                                                        SHA-512:35C0488B00B9E25681B446EDF82F9F8AB648C230CA44053BFEEC2E8E26B33C9C2063F713A1459710E3537664E91E9D737296074230010FE7496F5B5DD4E4939F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1716)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):4387
                                                                                                                                                                                                                        Entropy (8bit):5.854713346993039
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:pTR7xXwyxn83rrfHfjfcQfaPDo9ocDd1GodG9GxZ7ZauNjIzJl:ywBtD0LDrDdQu1ZjFg
                                                                                                                                                                                                                        MD5:82DD0AD99D88EF244A50BEDA00969266
                                                                                                                                                                                                                        SHA1:78B9961F404FAC3C2E26A5C5E55B6EF40C011792
                                                                                                                                                                                                                        SHA-256:58E829D52141FBD6F04AE6E990C70A810FE3F98A5C9192B06A086D73F810BD7C
                                                                                                                                                                                                                        SHA-512:76EE8496BBB52461C652CED6EA3BC7AD7D427E7270B60F290FF781EDEBD08490D3BE1C91547F371AB612A7D78376D37A9D5F2A843C15B071AFD9BD9CF6512595
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://im.qq.com/mobileqq/
                                                                                                                                                                                                                        Preview:<!doctype html><html lang=""><head><meta charset="utf-8"/><meta name="Copyright" content="Tencent"/><meta http-equiv="X-UA-Compatible" content="ie=edge"/><meta name="keywords" content="QQ2023..,QQ2023....,QQ24..,QQ9..,..QQ........,QQ.....,QQ.....,QQ......,QQ....,QQ....,QQ...,QQ, ..QQ, MACQQ, QQ2013, QQ2023, QQ2022, QQ..., ..QQ, iPhoneQQ, ..QQ, androidQQ, WPQQ, ..QQ, ..., MacQQ, .., .., .., .., ., .., tencent"/><meta name="description" itemprop="description" content="..QQ.....QQ9.... QQ9..............................QQ........"/><meta itemprop="name" content="I'm QQ - ........"/><meta name="description" itemprop="description" content="....QQ.......QQ...QQ......im.qq.com"/><link rel="shortcut ic
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 108 x 108, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):11002
                                                                                                                                                                                                                        Entropy (8bit):7.9776073354641674
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:A42SVjLW30Z//kSr0tG8GaehbHCPSRRl/e5/PHeVxoHAiZIRb6jdQzaVtzc8Ybxt:A4ZVj12ShazR5XeroHmRb6jdoX8YbxMw
                                                                                                                                                                                                                        MD5:D70DED7A0C0898BF1430ECF1D45620DE
                                                                                                                                                                                                                        SHA1:550289501C2DF637C0278092CE126793C57B83B8
                                                                                                                                                                                                                        SHA-256:2B8442D43FE84FBC1DCC64A970CF92C65E6DDB5D52159A7972BB427247C99D67
                                                                                                                                                                                                                        SHA-512:B3E07E5739CBF7D158BCA701591AA3CC1D49636705F1E5A4BBCE3B6629362727CEA6DA4F22382110496B7478F2E75F20E30D3046DB962580FF51D5E348C85019
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-22.77473c1b.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):55588
                                                                                                                                                                                                                        Entropy (8bit):7.967886615532094
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:ThSIDXg8xSi8lU9LTjUju7IkTKZFRY3D2gdOLlyE0x8AeXE0AGherWHUZs1:Thjdci8kLTsMcAT2bLly1DGIrWHYs1
                                                                                                                                                                                                                        MD5:EB338AC3C26A1473324D01C330AC54DE
                                                                                                                                                                                                                        SHA1:19C460EE023AA3716C950554E4598782AF6BDC11
                                                                                                                                                                                                                        SHA-256:2D72AB4ED632E7D709A81A955825D934BA2EB2CCB107F1FD9D142282F1529008
                                                                                                                                                                                                                        SHA-512:AEA5C5C9E24B1D4CD6D1D7742E221A68D1B39195CC99750044E2BC99706357C7A5D42A1FEA9EEA179E01D730A780FAB960555ACC75DE0D27200E9D8514EAC98A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 3840 x 1722, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):793290
                                                                                                                                                                                                                        Entropy (8bit):7.982958424724078
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:12288:Ex7datotWDMRHG4+/YRXyS2ncQHQn6VVk4qQa1DThebvS4FNIVTRm+jlG:ltvo15kmx2crn6VO4W1BeDS4FN61hxG
                                                                                                                                                                                                                        MD5:B8AB281997D9CA30FB94A17328CB869C
                                                                                                                                                                                                                        SHA1:50D8B9C62D0C632736BBB69E694062F53BFC2841
                                                                                                                                                                                                                        SHA-256:9912AAFDEF380FEF9C21E785433A45A5847C8D478922DA1358133089477497F8
                                                                                                                                                                                                                        SHA-512:90DCBCBAFEACA49347E308D86CEA02AF6FA2F1AC4A07AA59E6F58B74B6A4881711A998771BB244B83BEBD85E5C1CE1943B40B91D96FB07559384C6991DDD8145
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/bg.252a624b.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):33514
                                                                                                                                                                                                                        Entropy (8bit):7.959490679912619
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:p0cnHDvCJkiBf4sQu1N9RfIrxg2bSl1u5D+TF3AGWiLDTh:p0YH22cff3fZQbSfSD+TF6iLDt
                                                                                                                                                                                                                        MD5:B50E3305D3EF24787D34A0F86A9FDACF
                                                                                                                                                                                                                        SHA1:A698ADB59DCF9D9620740555AE121BAFFE9D464A
                                                                                                                                                                                                                        SHA-256:1768A03E093969E1C23C41716E01BFBC05A09D027BB857BF575C0FA8A044C595
                                                                                                                                                                                                                        SHA-512:71ED500745DC9022DDD43DFB699243BBF4B24F3EAA6E0615B316EDCFE99D673BDA0C328312478789D241E49C2B3B5A57FA84D57E6A8C68D0AF11723C597066A4
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/role-wz.c59f5aa3.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):37338
                                                                                                                                                                                                                        Entropy (8bit):7.968698839749081
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768://YuAvxMeH7kBGYX4go3Z/MGuRIlviolxzxU8QgxjZgHHaHIDaifSoD://YuAZZHAnneZ/1lvio1vZyHaHIGifSU
                                                                                                                                                                                                                        MD5:74C4ACB3BA4360C7D5D1FE123693F5B3
                                                                                                                                                                                                                        SHA1:6D017B693A7A076ABFA1CE9C223244A0DF4B57AE
                                                                                                                                                                                                                        SHA-256:B8D19B198222BBD3585F56E8392DAA397253388CC284495DD1C5AFF4B9901D85
                                                                                                                                                                                                                        SHA-512:9757AFBC70F2B2C0EEE233805D1FC54571DA2AA23B2A0FD332491DCE8ED64EB2182F84523E459D773EF4495D2AF9120DE68C36F5104A76EA9F06E64DB6220456
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:HTML document, Unicode text, UTF-8 text, with very long lines (31443), with no line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):31545
                                                                                                                                                                                                                        Entropy (8bit):5.283865065166271
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:TJ2YQ9duI0ViwtqAbx/GUJOhi6A6hqtsIv:ToYQ9du3Qwtb0Uwi6+se
                                                                                                                                                                                                                        MD5:F48538B41F4B87D83B788DAAAAA991BB
                                                                                                                                                                                                                        SHA1:8DC32527637EEDE127E6713D283117289E07A2DE
                                                                                                                                                                                                                        SHA-256:783F4F8E793F7F6C8800B8A684BFB99C4A5487708A4D3D758FE2B4287245E6EF
                                                                                                                                                                                                                        SHA-512:09371E0946A727B1935485052C79A09C1C8EA0327055C34AEB85E8982761807CEDE58979A6C5268C7ADC315CFDD8477519A6CA7E06FF72465D355EA3BFE4F58C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://v.qq.com/thumbplayer-offline-log.html?max_age=3600
                                                                                                                                                                                                                        Preview:<!doctype html><html lang="en"><head><meta charset="UTF-8"/><meta http-equiv="X-UA-Compatible" content="IE=edge"/><meta name="viewport" content="width=device-width,initial-scale=1"/><title>Thumbplayer ....</title><style>.none{display:none}.report-area{margin:10px auto;border-radius:3px}button{padding:10px;border:none;border-radius:3px;background-color:#409eff;color:#fff;cursor:pointer;transition:opacity,background-color .3s}button:hover{opacity:.8}button:active{opacity:1.3}.progress-area{display:flex;align-items:center;width:100%;height:30px}.progress-bg{width:100%;height:6px;overflow:hidden;background-color:#ececec;border-radius:10px}.progress{width:0;height:100%;transition:all .3s;background-color:#409eff}.progress-text{font-size:15px;margin-left:10px}.message{height:20px;line-height:20px;font-size:12px;color:#474747;margin:5px 0}.report-btn{display:block}.report-btn.reporting{cursor:auto;background-color:#82bcf7}.report-btn.reporting:hover{opacity:1}.report-message{display:b
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1080, components 3
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):108197
                                                                                                                                                                                                                        Entropy (8bit):7.965925240016335
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:ajIplz8CNI/Oe+AxiRgR5kxrGJt/ElI3bo6i1PsrjzDipWOSkO3FaRTRpa7gx:aWlo/OeTL5kqJEqusrLipWOSxoPMcx
                                                                                                                                                                                                                        MD5:E7CE14171EBAD4B5EB07FB8A70E65F09
                                                                                                                                                                                                                        SHA1:13A0EF7C70413B97BE94C5537F8704123BC2EE28
                                                                                                                                                                                                                        SHA-256:0BA0B3D297B7A2AB57110F1E18728CD18100B6A6E7F8EB3784D8BD44F3A5ECDE
                                                                                                                                                                                                                        SHA-512:8BD03D0388E8860E85D7B9FCCFCA0D6C41AEC3EE85BB06BAABABE271A8CA03122023F76EFF8FE12F5E15F275F2EA2E2173733D56436E6C38DF4115DD6266F3C3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:......Exif..II*.................Ducky.......(.....1http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.2-c000 79.1b65a79b4, 2022/06/13-22:01:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 23.5 (Macintosh)" xmpMM:InstanceID="xmp.iid:A0B87D03944A11EE8656EFD4C33CE12A" xmpMM:DocumentID="xmp.did:A0B87D04944A11EE8656EFD4C33CE12A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A0B87D01944A11EE8656EFD4C33CE12A" stRef:documentID="xmp.did:A0B87D02944A11EE8656EFD4C33CE12A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.....................................................$$''$$53335;;;;;;;;;;.............................%......% #...# ((%%(
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 330 x 330, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):15463
                                                                                                                                                                                                                        Entropy (8bit):7.960717688850482
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:IVvwNlQ7OjzqKWBQzfRYJaS3n+GiP4IEJ8J7:Ipk2qX3z+JaYn5iP7Ee
                                                                                                                                                                                                                        MD5:05A71DBBA3D4953A14985CA4F13FC508
                                                                                                                                                                                                                        SHA1:8335DD71FD30EF3DB08D1B2AEE9EAAB0DE35DDCA
                                                                                                                                                                                                                        SHA-256:614584147BBAA7503AA7C73A769E5BC00119555104C0571236666458AD49C348
                                                                                                                                                                                                                        SHA-512:6A77578704609DAA537B6FBA071A6B92B025E1731322A4288D528978C091540159E7E804DFA2B6F5D858E1A08D478D174EDB710EAEFDB98EDB3F97FB9D45FF00
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.918619934259333
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:llDFHtmQPjafXKPONEhKHdhf5tQseClu/Zp6qnUaFfkfX:llZtmQPufaE9Hdr2Zp6qnUaEX
                                                                                                                                                                                                                        MD5:DC39A44C0E9F9FF34A35E509208A70B3
                                                                                                                                                                                                                        SHA1:64C40AEF34DF78C7C1B225DF93D0BC8FE7EDF128
                                                                                                                                                                                                                        SHA-256:A6668698513BEB633EE40060FB6F3022C94F00B60BB33E39254EF818383173FA
                                                                                                                                                                                                                        SHA-512:7B9C1E9F11D31B59FA361D1EAF77B52D5DA17B0D409CE9B0E4A42C789FE2DBBC6B836F61BD43E3DCB30856E06A6197FC6D0227F3E106764FEAB8D721CFC1A9F6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:0
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (14224), with no line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):14224
                                                                                                                                                                                                                        Entropy (8bit):5.208620707176113
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:yJOd/BFQ13X9qEhMvbMx1TdywFCMC7Rh1Q9JzfFsLw47Jic36oL7:XPFQ13tThMcUwDfFsLwC2q7
                                                                                                                                                                                                                        MD5:549A976EFB6E4679ED06F748DA789657
                                                                                                                                                                                                                        SHA1:B22B547222EDE21978C96D17ACB722ACABFB88FF
                                                                                                                                                                                                                        SHA-256:0640D31D870F781C59F752BAFE13D5DD04851F06675DBFF58903888536C52086
                                                                                                                                                                                                                        SHA-512:3190127C50E816CC5AEC35AA851A57C189320AEBE3E7D7AA6FBCFC1A9858E854A51A314953DD013F3481C75AB159ED838AC09B628C31381E3F065CD2A32FC08B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/other-chunk.b343dd17.css
                                                                                                                                                                                                                        Preview:.q-share-picture{color:#666}.q-share-picture__img{position:absolute;width:253px}.q-share-picture__panel{background-color:var(--bg_top_light,#fff)}.q-share-picture__title{display:flex;justify-content:space-between;align-items:center;padding:16px;padding-right:10px;text-align:center;font-size:14px;color:var(--text_primary,#000)}.q-share-picture__title .q-icon{padding:6px;font-weight:700;color:var(--icon_secondary,#999)}.q-share-picture__list{display:flex;flex-wrap:wrap;padding:0 12px;margin:0;list-style:none}.q-share-picture__item{text-align:center;font-size:12px;margin-bottom:16px}.q-share-picture__item:not(:nth-child(5n)){margin-right:11px}.q-share-picture__icon-wrap{width:60px;height:60px;background-color:var(--bg_bottom_standard,#f5f5f5);border-radius:16px;display:flex;flex-direction:column;justify-content:center;align-items:center;margin-bottom:6px}.q-share-picture__icon-wrap:active{background-color:var(--button_bg_secondary_pressed,#e6e6e6)}.q-share-picture__icon{width:24px;height:
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):37338
                                                                                                                                                                                                                        Entropy (8bit):7.968698839749081
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768://YuAvxMeH7kBGYX4go3Z/MGuRIlviolxzxU8QgxjZgHHaHIDaifSoD://YuAZZHAnneZ/1lvio1vZyHaHIGifSU
                                                                                                                                                                                                                        MD5:74C4ACB3BA4360C7D5D1FE123693F5B3
                                                                                                                                                                                                                        SHA1:6D017B693A7A076ABFA1CE9C223244A0DF4B57AE
                                                                                                                                                                                                                        SHA-256:B8D19B198222BBD3585F56E8392DAA397253388CC284495DD1C5AFF4B9901D85
                                                                                                                                                                                                                        SHA-512:9757AFBC70F2B2C0EEE233805D1FC54571DA2AA23B2A0FD332491DCE8ED64EB2182F84523E459D773EF4495D2AF9120DE68C36F5104A76EA9F06E64DB6220456
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/role-gm.6afa3939.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 121 x 121, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):9080
                                                                                                                                                                                                                        Entropy (8bit):7.97339212610903
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:saDQLp60sEUE14XW4ExN7SMZ3G5naQaf6r2j9L6/JdrBPJ35x:stz4G4ExwS3G5nK6r2xcdrBPJJx
                                                                                                                                                                                                                        MD5:CCDBDFB8D84B291EDB24946BE9957719
                                                                                                                                                                                                                        SHA1:27DB831377AAFFA4FA6FF912BFD23F28B5D068D1
                                                                                                                                                                                                                        SHA-256:F75DBB19DB6774F7246351423A6ED594271D5A5BED4436DB59407B2A2A7DFA5F
                                                                                                                                                                                                                        SHA-512:3C58717534262F153C943FDE25C26AB6727919CFBCE0DD76BDCD3173303D8A9015E53072A53EC49B6568F6C74EBD0DE7EE385235C55041D744A1D7DF5C30E9C8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-logo-5.87d757fd.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):50531
                                                                                                                                                                                                                        Entropy (8bit):7.966740321893992
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:EMVMGp73Z0dyPU23vL/zeZwWnkOmbA1a2UuJ:rVMM73qds/emWMbA1V
                                                                                                                                                                                                                        MD5:8CEDD744B699C86ECC62E474026FF0C0
                                                                                                                                                                                                                        SHA1:1912B7A1D5444D47E4069D85DED80B0534E6AA9F
                                                                                                                                                                                                                        SHA-256:7C677F62E0BB1B84ADF3361360596B61A1277EF550597AA228945D686F127C42
                                                                                                                                                                                                                        SHA-512:158F9FD16D42C99AED25C191FD72C871D1AD6AF0B0924497078982771D224F5E76CAD9DDD474F437ADCE724EE380C064FF01CD632C8F6D54C6E2CABE6F51717F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-11.1e3d5127.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 146 x 170, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):10726
                                                                                                                                                                                                                        Entropy (8bit):7.9699290675293275
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:2taETf9lbSgB72SKFonFcYeGsgUn/+6XIl3YEXx4vy4NjtEe:2takf9x7ASUAcYgn/+6X6o04vy4XX
                                                                                                                                                                                                                        MD5:E705F1CEC1E66F61882A8BA92CA59FFB
                                                                                                                                                                                                                        SHA1:0B78ACD5F83187847147AEC5D31290998206A85C
                                                                                                                                                                                                                        SHA-256:9D68152864EF6CC0D918B972CBFC76A1265E4775C129C3CF5528D5FC09DC28D8
                                                                                                                                                                                                                        SHA-512:BAE4F1D6451861A7D5A88761D776EB35CA6BC62B2F6751FDFF2126B6185332BBD84CDE3A952D3C55E2A500C1D25C92F3DE81C6A1F7A0D8F2CBE94291DB97E6FC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-5.587b1e5e.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 868 x 1592, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):186062
                                                                                                                                                                                                                        Entropy (8bit):7.976052427970381
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:U4YQ/YltYaktLa++NlpHMSH4v85WebWBHcB5lRrKN2ciWxIjLY70IKEzmdoolifA:U4Y0akVaFzHMSYv8tbWBHcBL5lciHYz4
                                                                                                                                                                                                                        MD5:1802AB075609934B68B194238808E6DA
                                                                                                                                                                                                                        SHA1:27B1C78682B1D25F3EE89A1EF0593EFEA070F5A5
                                                                                                                                                                                                                        SHA-256:49FB5963C746A33F9942D3CE39DEBB364350D0036871B5B369D25FF4AC15148B
                                                                                                                                                                                                                        SHA-512:BBA048B2986AACFE7041D351D658121121F8830EFD11776DDAA6D1F3C9BB4749C84BDC0E78958870B5EA610FBA9CAEE07F19BD5AC4958FBE4EDEC6A5CF9C78D6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 1920 x 1080, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):181293
                                                                                                                                                                                                                        Entropy (8bit):7.987444042817545
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:a2aab2VmV5SPsWvwafEk8sdTn7KM/8mYol/UaWEXSUM0gRRnuZfETo4A+Mzq2qz0:aFa6V+Wvbckd7sR2ZLXSagPnuOMzq23/
                                                                                                                                                                                                                        MD5:06E40876E3D85A102B955A1BCE327E7F
                                                                                                                                                                                                                        SHA1:EC09F1F5612C2B09C6C6AD37EDCF7D1CDFAF220F
                                                                                                                                                                                                                        SHA-256:2534CE591FC99AEFDCD189315B494C9BE4D464AEAB2B957E03A092B7F6FCD82F
                                                                                                                                                                                                                        SHA-512:3D0911C85AEDFE54EE3FF0447EBA8959393A146C11C29DEC443F27F98083C2E5EB2F680C3BA978604625ABC3D403FEB296C63EC496B91E0246054191CDA1036A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/scene-bg-x.6a1a9834.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 615 x 346, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):24909
                                                                                                                                                                                                                        Entropy (8bit):7.905624713859312
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:uxBkI6ipAh3IEkI591T1pj4/Yu4iS2M5yumjZZe1XmGYHt7Pla:8BkI6iUT31hSBSrsuOZZKXmnU
                                                                                                                                                                                                                        MD5:D99F5228D03D33BF82EA3829DF19433F
                                                                                                                                                                                                                        SHA1:85168A4474C057B743BBA0B1790F6F8964494AF3
                                                                                                                                                                                                                        SHA-256:552A1C45AB3EBA97C44BD109956E365111A7D39F8F6CCE17573C14F1F6A753F9
                                                                                                                                                                                                                        SHA-512:5870EB3DACF81A377B5F76DB831D9537D0D145B14649281905BB0189BCEBB095A2CCC75E0442A812C304551073F6BC4210912A6B83ECB01ED609E316700D3A12
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-5-1.cae9b87a.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 152 x 152, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):19176
                                                                                                                                                                                                                        Entropy (8bit):7.983338413624944
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:GOlPWT70FVi7oViVO9eJaFIntcJrlbNoldw9OBh/esTTrVz:GOlPQ7e87W9eJaKtA5mldf//1TTrh
                                                                                                                                                                                                                        MD5:B8B3AC9B2ED87863B567118CC18BBD15
                                                                                                                                                                                                                        SHA1:AE314CBB019CE1710D39EA0FC4EA23D60D177A70
                                                                                                                                                                                                                        SHA-256:15DC12C46BAAC97C8665C5D40A3323BF7242F266FCF511E14C15EC138ADE546D
                                                                                                                                                                                                                        SHA-512:0A78C53541DD77E0BF14E5799F01CD75E39C9ED2A8A51A71FB9DF9F24A3C3D2C105BC6C7BF133855F5328B4F16F073BEB7F5530C29A4BFB8BD22DDDBA6D6643B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65458)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):164836
                                                                                                                                                                                                                        Entropy (8bit):5.4141536255986855
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:lypM2Ag2xOO2NPrUE8Pbq6FXj4dlkCGfdJ6dK1m8wqTY:lypM2AHOO6r6FXj4dlkCGfzTY
                                                                                                                                                                                                                        MD5:0F0C9E1EDDAEE7BB222D26EF9F59951A
                                                                                                                                                                                                                        SHA1:11F609C9B805C356F0BC18A30FFA812BF1DD1902
                                                                                                                                                                                                                        SHA-256:E0C78AA993AF098837267BA6E735B477702467F3F372D63257F04FEE70C0B347
                                                                                                                                                                                                                        SHA-512:60EAA254A94A40530B2BFC19476057E2755CE670380C8D652CC1CD2977095F98E7825CC6E39F7CE337CA6922785A05D94A58A57B114DE23C64D923788F780829
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/js/other-chunk.ddf042d1.js
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):64092
                                                                                                                                                                                                                        Entropy (8bit):7.992531468178547
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:768:w6rLtcso3GkXCmVetR7ZqN1wKLNoYzHVZswwOZdHT1XiNU2K8SkAwUhpkX+U58NW:w6ra72kXCMXfNHsw/ZdHTE68SkTMEeJ4
                                                                                                                                                                                                                        MD5:B3F8BAC78A4FBF8CA55EA0759B0D7ADD
                                                                                                                                                                                                                        SHA1:3BB60C748E6F6D31E2E98D65F2ACCC2CDC27D5FF
                                                                                                                                                                                                                        SHA-256:D105E7F68E5ADC11E3A7CB7C93355FAB28BCFB9AFDEB7FC3B730684633AC9701
                                                                                                                                                                                                                        SHA-512:7E1FC67B286F47931DEAD8170071A6AEDAB531D05F802F189339845A1911280EBFBB6A44E4AF85EDB577A110BB9E68D2260D73E71994A37B85B0F482EA1DE11B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 311 x 311, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):17747
                                                                                                                                                                                                                        Entropy (8bit):7.963201877508795
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:+kEaThRCFQnjM54cjUXc8o7QwTVGuZSxrwtJMghDtE46+c:5CFsEjUI/YuZSxkM2Dd6+c
                                                                                                                                                                                                                        MD5:38E67B8BA9A7863DAA3E6433D86F629B
                                                                                                                                                                                                                        SHA1:D2D2C240927406F54D76806CAF92E36A229F48B5
                                                                                                                                                                                                                        SHA-256:2404B986239DF15C16E2E3CE72F671370FB145B5491BBB608A1613D8CB7B82B1
                                                                                                                                                                                                                        SHA-512:FA095CD3230A27410A32A7B0C202378126F7DA6935C1DAFEA2BC2E3FE448586F9C10766B32C7FCDFCE19BC8135A7855C0AFFBA7F1A9FE73B122D9BCD66BD9B0A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-10.4f6a1e0d.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.99966101034048
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:SHWH+aT8BnAZa+2Hgx9NXMtkXbU2T2falirf67:H+DASAskLU2irrf67
                                                                                                                                                                                                                        MD5:6852A034B21C40ABE6640D6BA3BDC61F
                                                                                                                                                                                                                        SHA1:9DA127E240F7BA9CE1D974D5C51DA971E5D0CF8A
                                                                                                                                                                                                                        SHA-256:12FEE48588E9AEFE9948B2B73F5038F108DBA387945A0AB02C40E57AFEF613AF
                                                                                                                                                                                                                        SHA-512:F2D935CA31C7AEBC645B4AF67735F4CBFD26A16B326177ACCC2994A4DCAFDBB3F355B6E008091CF564502E6EBEE61EDA46C1444CA9DC021153D9DC481D143437
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:3
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 121 x 121, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):11928
                                                                                                                                                                                                                        Entropy (8bit):7.979219128250882
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:2/jd2qJxm3HMTF7TNctutuR9M6ENgVtddfaf63Eq02Kor8PCacHKHJDSy8dCHhoS:a0qHm3HCTWNRPEwtTafQEkrYCappDNoc
                                                                                                                                                                                                                        MD5:3D023D568DA1BC239AE899B20FC628A8
                                                                                                                                                                                                                        SHA1:5397E59CA33DCC761656B612F3CAE2EF3A50051C
                                                                                                                                                                                                                        SHA-256:DB08AFC5E482A6E2F40C558F064600E84006A9C6945BDAE6E2FF63CC5A464EE3
                                                                                                                                                                                                                        SHA-512:17C1177A9213C5DFDF35F5FDD12A7668FF8E76AEF1FA615EF208AA6F0473ACBA5EBBF3B75AE10D0D04DF78230EDFF7FED046D19F424896118E485F74D6DE8F59
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-logo-4.2763deef.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 313 x 313, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):10656
                                                                                                                                                                                                                        Entropy (8bit):7.932010847910039
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:dqYYJPT4gghFpEJj2dJQ2wcT1hSqnURRJBvsSUv0p1:k3PT4EJin3wcT1hSqnUbnve0p1
                                                                                                                                                                                                                        MD5:F561E3801404CE76F185066FB255EAD6
                                                                                                                                                                                                                        SHA1:6AD3FA571900696715A1CC1D684E2050793F2BDF
                                                                                                                                                                                                                        SHA-256:EEA0D44FCA098300A7D54F9454C936FCC494DFBD6490F2D3F9CAD56A772C6FD7
                                                                                                                                                                                                                        SHA-512:847229EE9A5E7F7BA478775A2D495F5906DB8E4999851924C66B84572D6EAF4C57F9706E9BBFB7214853651E1F57F4B7588D89FD1397144FFBA5681C1890E290
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999702516842735
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:/2st8lHp4hilSrg1v+kxnFpY68QM540NHD08ONc+px:/VMpoilgDkxnFpYTND08wpx
                                                                                                                                                                                                                        MD5:45EC7D0BB2AFE5777546AA6114292406
                                                                                                                                                                                                                        SHA1:7B9E2B3538C8786D8F5B52B7CE2E724FB5368271
                                                                                                                                                                                                                        SHA-256:40BDE28ACB0EAA6CE1654F419AABEE35EAC422AFFD65FB1550346AED209875E8
                                                                                                                                                                                                                        SHA-512:1765844E4512F29F46CB9C4076643E9047DAF3CDBB64253FEECBD8C09ECB38AAF37AB26E2BA1D38C8F32E4A83595D9443A7F041C0724CE5588FD4984A6A13B94
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:5
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):32253
                                                                                                                                                                                                                        Entropy (8bit):7.958742758880246
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:qlZSdg/54N7sPO7M1CdzlwoOqUrk6g/BrvbisG:cgp7sPOwYq36X/BrfG
                                                                                                                                                                                                                        MD5:5100441802FAB75DBD3AD326C8A872C1
                                                                                                                                                                                                                        SHA1:CFE25CD0CF51DC68788F53E51F73B852185997BE
                                                                                                                                                                                                                        SHA-256:4A071501E44D57A20ED004EA8AD1489E76E6E5C2F9DDEC5B38DE731D25B0F9E7
                                                                                                                                                                                                                        SHA-512:946AA06336F4ED1532AB4876FECC3BA72F30E43815ECCBF1A18B72E434C9DE6FD13BD0BA1400572EC8F85D0A1BF0146AAF1FFFE5BBA6712CD8852CB63D9E9BA5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/role-yd.e89120ca.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32
                                                                                                                                                                                                                        Entropy (8bit):3.702819531114783
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:YA/JHaLWAiI+7n:YABHAWAiLn
                                                                                                                                                                                                                        MD5:07AF6F1DDC7312D27CB0B3EC3C6A5F11
                                                                                                                                                                                                                        SHA1:E14461D6C670B627DD5F6ECFDF493BD9B28A39B1
                                                                                                                                                                                                                        SHA-256:851404A868D79418E64C0C164C587EB92B651B44DD5B0DB6544E7E797246ED7F
                                                                                                                                                                                                                        SHA-512:BA3CF0F7367C2CE4D1E44353A72FB6B479926B9142B8A895FC9569EC1EC3FA0EBB844038873E76B90D93BB4FC60F65566A8E21F1CADAFB08B311B6A98822E285
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"error-type": "unsupport-type"}
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):35304
                                                                                                                                                                                                                        Entropy (8bit):7.9742668972721615
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:Pd24VoXv9aJJwRIzzDxsm/3WK1zKsZv4mOVSQeEdeCp+i++rR3Es:VZoXv9Awy3/xzKsemtS+inEs
                                                                                                                                                                                                                        MD5:D9EB20D6C7B9AF71AD3A9E5515549A0E
                                                                                                                                                                                                                        SHA1:0297B88C948696F5B2FD0F01C8E10E08A99ECFDF
                                                                                                                                                                                                                        SHA-256:55976AB7E3177781BC697F893592DCB27EA70AB35319B29112DC51565DC96DF5
                                                                                                                                                                                                                        SHA-512:6C95C668E400B7788BC30A8254B681FD1874A49A3DE4B2D3630D744772FBE5906970279257E8F4BBD2F66F977819915E76447DBA8C94D989939EA7E05F27BD4A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/role-xx.0c154e87.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 537, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):53918
                                                                                                                                                                                                                        Entropy (8bit):7.967764757896754
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:J0sY0OWIXy1iBm14ZDl453WtXIFchYgIoZkmiHS:nriA4Zu53WtXI8bkVHS
                                                                                                                                                                                                                        MD5:8A85AF6CFFF1363A4E9929184FCF95BA
                                                                                                                                                                                                                        SHA1:AB3AFA199DA9B52067B4EF608AE3392BAB51FD69
                                                                                                                                                                                                                        SHA-256:5A45C326B7F38945F2DA4CE282C29DC36C995EF27AEA10C057F051EB1F54021B
                                                                                                                                                                                                                        SHA-512:63EFFAA3BD0E8EC916A289ED73D520414D4AF5E1E942D54CEAAA4501499060B3D04C51B56F2736251C064CBFAC9A51825041F4FA99934CF64F9A413E1FF7CADE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-5.497658cf.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 362 x 362, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):13803
                                                                                                                                                                                                                        Entropy (8bit):7.936047500471041
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:XToMW/+wWSgfERy/c2BT7ESs8HaIcHQDsZbW4K:jW+wrg8YBUIaIcHQYRW4K
                                                                                                                                                                                                                        MD5:81D7CB8BD7DABF68B4708E360C1A3AF9
                                                                                                                                                                                                                        SHA1:B37EDE8F179BF294F55D6E8A7F3A6E485D17FCDB
                                                                                                                                                                                                                        SHA-256:32C09443BBAD070BE70434F6677AA6526231809752E1351C7408E2902C5AD858
                                                                                                                                                                                                                        SHA-512:739898A682022545643C9A9320152E0A4E94432FADDAD13E2BD2763A634518494E7450DA39C627F7E0923EAEDE3B7DF185BE7D4658DD15BCEEA7E883CBD97257
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-1.31d4bb78.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (62187), with no line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):62187
                                                                                                                                                                                                                        Entropy (8bit):5.84513499936295
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:qTJRlK3pktZsuMiaMdy9JXpVu3tLIuVc73Yim6Wvx:q7Ol1sq3y
                                                                                                                                                                                                                        MD5:72CB4733B9AF2F043D244DB24FEDA0D3
                                                                                                                                                                                                                        SHA1:2763DD0578C83BE10354A52C4B799F361F7B829D
                                                                                                                                                                                                                        SHA-256:B91121EED2E4D0DF49CBE36BA89B6AED4FCEB135658AAB983B2CAC6F88825BE9
                                                                                                                                                                                                                        SHA-512:212F00F0314206D4B42C8A9C44B3752781D35AC7A6B73D48512B25BEE3C76CC04A154682D983E67DE906AF32ED25FC865D727F64E5F87FE48FC9D02ED9A811B1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/js/pc.5c234203.js
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 407 x 934, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):78538
                                                                                                                                                                                                                        Entropy (8bit):7.964424423912686
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:rA1yRNxe26Z8Z/A+rjLPBKzl0xiSvmefztDB9Diq2/Be+VM:qyM26ZH+f+l0xVXfzP9Oq2ZM
                                                                                                                                                                                                                        MD5:C6065B94DEC27A8E1D605F66A8918E4C
                                                                                                                                                                                                                        SHA1:9C1FD60BC378097091280F9B1F3D00AEB84DFB7A
                                                                                                                                                                                                                        SHA-256:12CB698C715DC67F6FF9C487524DE81FBA578F0F31B6BA1B7914945707789018
                                                                                                                                                                                                                        SHA-512:33BAB3EC2D3A38F099DC4397357EFE30A33101D13B564CEC590DCC0BA0A55C0EAC2EC33DE7BD5115C36235A7D2BD9303D08BF96ED7A43E6C756CD334C947F73C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 162 x 162, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):10030
                                                                                                                                                                                                                        Entropy (8bit):7.969577421383059
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:h08XUPI2MP7s4plUGogmWwG8Rjzqk/sC2EPSRdP0CVLeEuF0o4LnHx8v:hDAuP7gKwG8VzJUr8SoqpumnLRa
                                                                                                                                                                                                                        MD5:1B8B3CD8AF61B7F074E1C8373A382ED3
                                                                                                                                                                                                                        SHA1:342B8CB70410BF48042C7CD65BF61BC8F72BF07F
                                                                                                                                                                                                                        SHA-256:C96B0F69D6FF5DF29E5E17A02F0947EA4D2181E98DB8BA2C9E878D5000BD5997
                                                                                                                                                                                                                        SHA-512:3BA3108036616702136875F20453AEE43995C2E936CEE6BFE53DCACFF2C2F223172FF4CB9114AC45A0359CB829464871FAC6181113E2E89B9AE5001BF2664E6C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-4.8c005656.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 537, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):64395
                                                                                                                                                                                                                        Entropy (8bit):7.92416127965162
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:H5RsqmiSid4QcHs+FOSdnqLn2a4DxUN87SPpNe4zWkB8Kbu:H5Rs53QcM6OqqLnl87SxB8Kq
                                                                                                                                                                                                                        MD5:8A0723E83C73C374E0533F2D7FD5095F
                                                                                                                                                                                                                        SHA1:C77826D9C0B50011F1348E5F5898536597C8A39D
                                                                                                                                                                                                                        SHA-256:C27E828138D0259A2D08F53A6133272ED0FCC75586F8A471C10B5CB31615EFFE
                                                                                                                                                                                                                        SHA-512:0C19B333A4BBD9DA75432B5C90C29A2BF0099525F735EA8533699BEEE4AC6A91D7CD11ED915E1E7B6BAA175347D045B9729C9EBA8DEB19D03B9E496BDDAC4FCD
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-7.814d1434.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):62227
                                                                                                                                                                                                                        Entropy (8bit):7.985539475072989
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:mhm4eCgiAhaEqHlzLnx5X6Hz/byL3nS+eA/UMZ+kIdoup5YcyxEdgn6qPoDa:mh3jNRLDS+++e9IQp5cEdCQm
                                                                                                                                                                                                                        MD5:2C24916FCB318129CC24AF2A9ACA8D3D
                                                                                                                                                                                                                        SHA1:F7814B79D0EDF290A36B9C3BB12EFE5E972191B1
                                                                                                                                                                                                                        SHA-256:3375D3627D1022D14AED431ACC3495F376AA40F2C71A2FEB0AD1B5524615666B
                                                                                                                                                                                                                        SHA-512:C7967C2BCDC955D524DCE80FBB9A1D547694B5A6085B8DB5D297EC3410DB97DA37C300ED284F73FC45127FD8079FCAF515A02D540C086A599A72F3682070C6A6
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-5.fe6684a7.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (65462), with no line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):70935
                                                                                                                                                                                                                        Entropy (8bit):5.430529487250691
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:hMbVPfhLTXrJk2RbKaUgEKCDY3P3bgAkn8:hMRf5bi2NJhy8
                                                                                                                                                                                                                        MD5:11524DF85EBD860F62B9FCF12E871306
                                                                                                                                                                                                                        SHA1:00726F7883F50D46E8448C8672A8E925DEF26A20
                                                                                                                                                                                                                        SHA-256:DDB778C06C7567906A7A2A8F60132EF81EB97C93BC939A83DC5B273485A4476F
                                                                                                                                                                                                                        SHA-512:67344BF5F821BFC5D0DD47045E323879763F833473A6C09AD1BCF8E4C25A9A76176B3C1ACE8BFFDA1E2462E3D3BB2ACD035A2ABE977696A5B5F7581E559A5368
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/library/latest/qqapi/qqapi.wk.js
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):50879
                                                                                                                                                                                                                        Entropy (8bit):7.967083991413486
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:oR7CA1cJ1DCqnNBIrdBIYEMBLtUwpl5N+DHhMAgrL4XWQ6iHYoi2ex5d:oAbTOqN6v5EQfl5iHyrLGpHwF
                                                                                                                                                                                                                        MD5:8A759A3A1692424032E47211CB421A5C
                                                                                                                                                                                                                        SHA1:85D3835506AEBBC06731C140E211BF287DF67E7E
                                                                                                                                                                                                                        SHA-256:77E97533A708391B5ED096E28BA09837B4203FF78FE08BCB02943E89CC5960C2
                                                                                                                                                                                                                        SHA-512:75AEAC44D2F3125C263DA6A51C47224C09498800AE0DEAC536C4C18750255FC7F4DC0CC58708C0FF39CEA2BA2EE4E10AE6EFF30727C1C5FFDA9322C250F3D82F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 121 x 121, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):11928
                                                                                                                                                                                                                        Entropy (8bit):7.979219128250882
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:2/jd2qJxm3HMTF7TNctutuR9M6ENgVtddfaf63Eq02Kor8PCacHKHJDSy8dCHhoS:a0qHm3HCTWNRPEwtTafQEkrYCappDNoc
                                                                                                                                                                                                                        MD5:3D023D568DA1BC239AE899B20FC628A8
                                                                                                                                                                                                                        SHA1:5397E59CA33DCC761656B612F3CAE2EF3A50051C
                                                                                                                                                                                                                        SHA-256:DB08AFC5E482A6E2F40C558F064600E84006A9C6945BDAE6E2FF63CC5A464EE3
                                                                                                                                                                                                                        SHA-512:17C1177A9213C5DFDF35F5FDD12A7668FF8E76AEF1FA615EF208AA6F0473ACBA5EBBF3B75AE10D0D04DF78230EDFF7FED046D19F424896118E485F74D6DE8F59
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 183 x 183, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):8642
                                                                                                                                                                                                                        Entropy (8bit):7.952672161123514
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:OrERR6bZLvG4vapsqAXnvOOq3I1kTxXS9q3eBJV:MERR6bxfip/AXnvDl1kFXS9quBv
                                                                                                                                                                                                                        MD5:2084BBD39F76B48EE1F28B841151E2FA
                                                                                                                                                                                                                        SHA1:F669FD2C8219FF8A9D1035CA9B89524AF3FB55AC
                                                                                                                                                                                                                        SHA-256:ECD9602F5FE036A031A7FAC1C9D862B3873F9EA20A7D8E93234BBDCE7835CFAA
                                                                                                                                                                                                                        SHA-512:1A9DE8A43A438D08FB9B907DA8985B14C83D7A9AD9BBA606E10B6641ED65C349D34A99E4CF11E3506ED33B68EE5AC0428B8A83FBEE7D5B1EF2D8EA3B84909309
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-13.f040bb44.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999545735665038
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:5zXEtu3/GGuWjLScbxuImWAL9vzxwG+wtCBr+f0nLJ:5zUtuv7uY3EImV9vVtsCcLJ
                                                                                                                                                                                                                        MD5:F3D39AD8A2D3BB65C824D0521D7129A2
                                                                                                                                                                                                                        SHA1:9D63743B4FE5F792F71F2A5FD6A1BB44620DEB9D
                                                                                                                                                                                                                        SHA-256:2C8BCA5B51A5BBE36A244FE8C348619F24456BB77BF2D7B823C834098FA7FC8B
                                                                                                                                                                                                                        SHA-512:29D0B7889573EEEB3C940F5354DB3A51D750148D1B16B1B67AD5F5086953D84C8A443456DFED1923CC87809EC86EF4E3820BBD60C9E15BEE196A2B45E62A4C59
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:9
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):51873
                                                                                                                                                                                                                        Entropy (8bit):7.968557639453807
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:afHKI/Bmgg78vFEHKylfkh78l6I4rYZiPNuy4mSQ:afTygvKHzlfJ0R6wNumP
                                                                                                                                                                                                                        MD5:238BD5795EFD5FD2EE4E924284380331
                                                                                                                                                                                                                        SHA1:296610E9718C251E598D7DCFD678731062CB462A
                                                                                                                                                                                                                        SHA-256:7CEBE60110934A5D549FFFB715EEFF864148A060CEE43D9C4F8E4E6432CF75F1
                                                                                                                                                                                                                        SHA-512:12DB23012CE0E817BA2BBA70E2F237229638CF2E763C9284DFE2D950E29321C0AF9ED32F3AE52736D6A94FFAC99E254BFE528A7B5C60A887CA820093CE459AD1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-3.13d69f7b.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):49
                                                                                                                                                                                                                        Entropy (8bit):4.57349453781615
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:vA6eihKyWMSz:Y6e8WMSz
                                                                                                                                                                                                                        MD5:694953902603885864ECC3388D5C2BFB
                                                                                                                                                                                                                        SHA1:183D31BF7F93C6ECF488F24C32992720F525085E
                                                                                                                                                                                                                        SHA-256:D20D84B7545FBDE8CA7E28980FB446300A4C22D0E762A0061B66AF0B0790140E
                                                                                                                                                                                                                        SHA-512:26EB1EBB1E46A0660B46C3574FF9484306E25726431D372A57C85E94086912E184CA7992C417D80DA800FEA5B0FFA68539E215C3ED2B6C39402AC994F6BBECF3
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://v.qq.com/cache/wuji/object?appid=tenvideo_offline_log&schemaid=whileList&schemakey=d5dccc35902346b2bdcbcef774fefe99&include=encryptValue%2Ctype%2CerrorCode%2Crate&filter=projectId%3D%2270201%22&otype=jsonp&callback=offline_log1
                                                                                                                                                                                                                        Preview:offline_log1({"data":[],"code":200,"version":-1})
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 192 x 192, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):8656
                                                                                                                                                                                                                        Entropy (8bit):7.92130568188592
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:ttiyvyaJZmXxqcioeYjWxzXZYl8u5b3Xz0BuRt6YdFrXyPceZtZa:tt+moh6YazpYl8u57zr/dFrXyJDZa
                                                                                                                                                                                                                        MD5:3D7CAD41880113413785CEB9C6F43B13
                                                                                                                                                                                                                        SHA1:EE01723D87F3FAE441A9B2D9F85603D2FEE1EC05
                                                                                                                                                                                                                        SHA-256:1C3C44EEC0F0D1D19FBDDBA0917A23A9EDE4E4D6D53B039D616BFF46A6709581
                                                                                                                                                                                                                        SHA-512:10B6041AD99B457CFA99D67CC4074E52FBA5E26EFABF7BB45BDF2A12D724854D4EA184354A1ED0CC7A23E10802C83CD5DB4CE50FA1B5910CA20BA6D3C9B25731
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-28.cf48975b.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 688 x 934, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):94725
                                                                                                                                                                                                                        Entropy (8bit):7.9541927351780926
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:qR2+4tfZ8/+N1VYRiY26fwtwdnljQatc0xvwPYld3/JEqMpDg3CiThcY/:62JtfZ8i8EJ67IMc0xvBld3/uqMpU3C6
                                                                                                                                                                                                                        MD5:95A95007010FA30BA35C88F23C05F5BB
                                                                                                                                                                                                                        SHA1:AAFA96CCDEA967AC0B01BC6AE05386ADBF7C6CA7
                                                                                                                                                                                                                        SHA-256:9053033D37404F80449CF72C06F0FF9DC7ABF1CC7678749E0D645306EADA664C
                                                                                                                                                                                                                        SHA-512:4E6EE304A378F8898DF811B6FA5611ADC22ACB10C7D9F3F96F001B0165A2E4E6E98B02DFF4FDE9CAE4D878F9493389D6883E2B7C665AF020AADE71C7E7D923EB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/girl.031060e3.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 288 x 288, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):20188
                                                                                                                                                                                                                        Entropy (8bit):7.96819634126776
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:IToO30LgfBM/XFvwdIOnPI828bN8iXF8GRlCjhjUX056yZaxdd:Ij30MZMF0nPYiFi1UX0IyZs
                                                                                                                                                                                                                        MD5:8E76F959C9AECA3A6E98925F144534C7
                                                                                                                                                                                                                        SHA1:32AFA8E3D4AE23A247F4C4050A78DAD8CD94EAF3
                                                                                                                                                                                                                        SHA-256:BE75A2541B9C61B869386FAD474A462EEBD8B735771B5F79B768BC09D9DE8897
                                                                                                                                                                                                                        SHA-512:A62295B6307C15486E5BC88389E14B51B7AAE52503C74C652AC6B2E7B3CD4299908BAFDC2E1D08DA5CFBA1DC3C290FD840A8796A4AD401E4942A0D2B54F339D1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 814 x 1555, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):103063
                                                                                                                                                                                                                        Entropy (8bit):7.978507916796797
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:ItSF0R3ulBWhFvTMnS2OWuYfROEH9+U70kyQ4q:It4O3ubghTMnSouYfzH9VL
                                                                                                                                                                                                                        MD5:E36F69BFAEE8E4FF2CF071430B20D60A
                                                                                                                                                                                                                        SHA1:A568FBF8DD6AF84F794FF8C2C563D9299D196029
                                                                                                                                                                                                                        SHA-256:C6EAC38B55F2A38D1A081EADEBD3BEF2B5DF2A57C0C058BF03F6DB7E496997BC
                                                                                                                                                                                                                        SHA-512:CDB4865B872273AA88D1AF36CA76F60FDAC8BF1BB7BC081F77517AD7D3DF1B142C8FEF0358C45E0BE0BAC9B0452238AAADFACFEE1DB685D24A4E258715F3BC2F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/page-3.f961bc34.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 663 x 1237, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):73028
                                                                                                                                                                                                                        Entropy (8bit):7.977889333364363
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:urT1EhPQCfcTCHKzzh8zsdqWnRRizKWu0+uOYW7fHmr35Egyqavi:g1EhZ3m2SqWnzizKW76fHvvi
                                                                                                                                                                                                                        MD5:88B8AA084221F79DA657FB97BD7758EF
                                                                                                                                                                                                                        SHA1:4EACB6530EBEED12AB7F76958994F0F7B08AC6EB
                                                                                                                                                                                                                        SHA-256:306B64A2751FB08944FB822DA042062175033D218C675011DAAE22293DE9ED95
                                                                                                                                                                                                                        SHA-512:3BC9B1C9E6A0E8671E9F598B09925158E1859FBCE1CB1545EA8440AE30249D19A3259932A3DC99DDF0C5EA8758D80B7AB27BEF464E58E4075A2432539015F66E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/page-2.5d02382f.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 863 x 1584, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1168126
                                                                                                                                                                                                                        Entropy (8bit):7.991501408732424
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:n6hPogblOenlw5jYtfzU2bTUKm4u0RJgjVL4fGqnhOWR8ybDcliMfs:n6hPo2ECS5ufzU2XUjd0TkV/E0YTbDkk
                                                                                                                                                                                                                        MD5:717967BDB03DEE08D45E00C98E1C7835
                                                                                                                                                                                                                        SHA1:997A961C2BCE7A02BCDAF5917B1A331563F19C7F
                                                                                                                                                                                                                        SHA-256:71EBB3BED948A2CF3113C87B8E67592CF0A65A5C6BF8509AA4885837FFAF53EC
                                                                                                                                                                                                                        SHA-512:A3C0DC87699C51412677560A9FAE7EBDA422497257F53872327B32E73B05B1411CAB9A32E72FCCD010DBBE0BCAB0DF39B64F00A507A42C648861B1FBBE654FBC
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):57652
                                                                                                                                                                                                                        Entropy (8bit):7.964391188227326
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:KKhziuz0MtJIeahVKz4q+XhBXKstHTdPTvfdj:9uTMt+PhVKU/RB6stHTRT9j
                                                                                                                                                                                                                        MD5:797ABB2FC14C31278DA40FB9A653799B
                                                                                                                                                                                                                        SHA1:CCF73636603A3151084F28A7F69166B467CA1E0D
                                                                                                                                                                                                                        SHA-256:8CB70E95C6A6914716EDAA23CB99CFC9A52F76860A76636197FDD570103D2463
                                                                                                                                                                                                                        SHA-512:9C0F1AC70FF6E0145AC1C58A0828CDCE0B4189C5BC9CE222EE985D4483CB57F2BBC06C52B8E854DA5F8B2F7BD4339365147847AEF6FA9EBCA673FBC8B0DC7A0A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):53795
                                                                                                                                                                                                                        Entropy (8bit):7.974223305065804
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:WCCly8m2oGlDoCk89ALyWWN6/d2Ru3t1c:WLly8m7CbmyWZgRkt1c
                                                                                                                                                                                                                        MD5:E45A512CAF1BFECF4C9BB018BF791B58
                                                                                                                                                                                                                        SHA1:7D56230FF5E552C828CEFCB4D1ECF8BDF0062548
                                                                                                                                                                                                                        SHA-256:4DC833994645A107E10E6C346D5C5E72E792E16080BB5831559B1F83A32F0C92
                                                                                                                                                                                                                        SHA-512:DE95613C44D4AF54106BBA642639744D5BD5D25107478F5E540103391DC8F7589F050DB706D9F915AE67F937D06FE89846BB63E0FFF2C2F6BFE5F2D2DDEAFC65
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-12.a1354ef0.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 627 x 1356, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):73157
                                                                                                                                                                                                                        Entropy (8bit):7.982897369993432
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:ZVdrqf5fw1w5hPYHZYVBwJB+eok/PQk3P3dsDhWFTuV2ohO:dMSWhPYkwJ0NoQk/3dahGus+O
                                                                                                                                                                                                                        MD5:3D2EC3CAD68BA80F42BD7FCFAD6628DB
                                                                                                                                                                                                                        SHA1:46404455CECBAE1AD6DC512B516A1E3F2395F023
                                                                                                                                                                                                                        SHA-256:443957598B75DAAD3A309B891A9C0A53DEFCE21D4B0C8AC9AB42D6E03009EC51
                                                                                                                                                                                                                        SHA-512:37BD42C05BF8DD32904B0262760A176A6CF524235EA4ABAF2078F2719C3E81A0B468006BB9097061D3B4637F97FC18EDECEEA8B5028176BD704DDAFF962FECE8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 407 x 934, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):78538
                                                                                                                                                                                                                        Entropy (8bit):7.964424423912686
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:rA1yRNxe26Z8Z/A+rjLPBKzl0xiSvmefztDB9Diq2/Be+VM:qyM26ZH+f+l0xVXfzP9Oq2ZM
                                                                                                                                                                                                                        MD5:C6065B94DEC27A8E1D605F66A8918E4C
                                                                                                                                                                                                                        SHA1:9C1FD60BC378097091280F9B1F3D00AEB84DFB7A
                                                                                                                                                                                                                        SHA-256:12CB698C715DC67F6FF9C487524DE81FBA578F0F31B6BA1B7914945707789018
                                                                                                                                                                                                                        SHA-512:33BAB3EC2D3A38F099DC4397357EFE30A33101D13B564CEC590DCC0BA0A55C0EAC2EC33DE7BD5115C36235A7D2BD9303D08BF96ED7A43E6C756CD334C947F73C
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/boy.c5ae9f89.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 376 x 376, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):40507
                                                                                                                                                                                                                        Entropy (8bit):7.961167183634244
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:cunsBJA+Zn8kDVhXUFF/rNRrqgWoAVo1Sedo1czCXW5X6ugWxr8pQLvfimQMK7N:cjBJJZn88VpUXxRqgWocQSedo1ICG56p
                                                                                                                                                                                                                        MD5:DC7EAE4CB33CFD503A7392EAA24337CA
                                                                                                                                                                                                                        SHA1:6D23C2E24E655F16025003BE66EF31FAE0EDF45F
                                                                                                                                                                                                                        SHA-256:1F9114E36F9EF6B3F7B8CE4CD507BDD4AF2DA47178CE5F32402DCD63723ADF85
                                                                                                                                                                                                                        SHA-512:A92D5E4A4173BD2B86BD6258ABB01FB263C6AE125E1DA4644EEFB3522EEC0651F3779B2692845CCE0958E80DC0BC08AD167ECBE4AF11CA7DDDAF5D542BCC788A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/role-me.8d49096f.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:RIFF (little-endian) data, Web/P image, VP8 encoding, 240x240, Scaling: [none]x[none], YUV color, decoders should clamp
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):8284
                                                                                                                                                                                                                        Entropy (8bit):7.9667361622903705
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:L0/AXI7lh64XDjijM8KneHpd4/CHinKtmdpzCYNK7Al8LjeOEJgP:w/AX6hQY8wek/gFmTbN0Ala
                                                                                                                                                                                                                        MD5:CDB1E86CC16217ED2B935C9D48C80E1A
                                                                                                                                                                                                                        SHA1:3141205463DBCD6381FF8740A78C6BA17579579E
                                                                                                                                                                                                                        SHA-256:3789D4C3978532637CBC1DEDD3336F2FE77536269787D84AB4B9F9A9CD9C2429
                                                                                                                                                                                                                        SHA-512:BAC7EBAA594BF5E1469F1E4547B6E25DF465429A48FA77EB338D6298DE1666AF0BB4030D1327F68D994AAC1BE66498A3575FF31C831A8BDF6A089EC7894E54DB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qzonestyle.gtimg.cn/qzone/qzact/act/external/tiqq/logo.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):32
                                                                                                                                                                                                                        Entropy (8bit):3.702819531114783
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:YA/JHaLWAiI+7n:YABHAWAiLn
                                                                                                                                                                                                                        MD5:07AF6F1DDC7312D27CB0B3EC3C6A5F11
                                                                                                                                                                                                                        SHA1:E14461D6C670B627DD5F6ECFDF493BD9B28A39B1
                                                                                                                                                                                                                        SHA-256:851404A868D79418E64C0C164C587EB92B651B44DD5B0DB6544E7E797246ED7F
                                                                                                                                                                                                                        SHA-512:BA3CF0F7367C2CE4D1E44353A72FB6B479926B9142B8A895FC9569EC1EC3FA0EBB844038873E76B90D93BB4FC60F65566A8E21F1CADAFB08B311B6A98822E285
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview:{"error-type": "unsupport-type"}
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (64998)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):68901
                                                                                                                                                                                                                        Entropy (8bit):5.356724459097988
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:PH2q4D5xJTQQMiLKHdEeW0W68sHIiMnasWVByzZ0lcrzrXcl:uTH1KmeIi5/dCU
                                                                                                                                                                                                                        MD5:501B8EB6120E4C66ACCA2B604CB91261
                                                                                                                                                                                                                        SHA1:E2FC65B261ADD77CAA7A60E5AE31C6D54820BAA0
                                                                                                                                                                                                                        SHA-256:D8DCB49319BD61CCD67610C592B1212BF50921FE2081F97BE84D3FA3DFF52DBF
                                                                                                                                                                                                                        SHA-512:25400C855971AD2881784C7FCC9DA1B653E7705239F1143373C3E6F7159C544E342E4722688FE0AE785BD94BACB41D288C6AC6A08CCEE18119F94A98DDACAA12
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://cdn-go.cn/aegis/aegis-sdk/latest/aegis.min.js
                                                                                                                                                                                                                        Preview:/**. * ==========================================================================. * @tencent/aegis-web-sdk@1.43.6 (c) 2024 TencentCloud Real User Monitoring.. * Author pumpkincai.. * Last Release Time Thu Jan 18 2024 12:16:00 GMT+0800 (GMT+08:00).. * Released under the MIT License.. * Thanks for supporting RUM & Aegis!. * ==========================================================================. **/.!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e="undefined"!=typeof globalThis?globalThis:e||self).Aegis=t()}(this,function(){"use strict";var q,j;function _(e){this.name="__st"+(1e9*Math.random()>>>0)+q+"__",null!=e&&e.forEach(this.add,this),q+=1}Array.prototype.find||Object.defineProperty(Array.prototype,"find",{configurable:!0,writable:!0,value:function(e){if(null===this)throw new TypeError('"this" is null or not defined');var t=Object(this),n=t.length>>>0;if("function"!=typeof e)throw new TypeEr
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):51873
                                                                                                                                                                                                                        Entropy (8bit):7.968557639453807
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:afHKI/Bmgg78vFEHKylfkh78l6I4rYZiPNuy4mSQ:afTygvKHzlfJ0R6wNumP
                                                                                                                                                                                                                        MD5:238BD5795EFD5FD2EE4E924284380331
                                                                                                                                                                                                                        SHA1:296610E9718C251E598D7DCFD678731062CB462A
                                                                                                                                                                                                                        SHA-256:7CEBE60110934A5D549FFFB715EEFF864148A060CEE43D9C4F8E4E6432CF75F1
                                                                                                                                                                                                                        SHA-512:12DB23012CE0E817BA2BBA70E2F237229638CF2E763C9284DFE2D950E29321C0AF9ED32F3AE52736D6A94FFAC99E254BFE528A7B5C60A887CA820093CE459AD1
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999487646341073
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:/YaY6esF58J+gkAcJk0fsEpWpLCvkYJ55GvXb95AAf:Ar6esQvLkELCvkYJnGjPAAf
                                                                                                                                                                                                                        MD5:2508D1B9FA9FCF2A4DCD6859B40EBC63
                                                                                                                                                                                                                        SHA1:3E6114EB46E711BECE167468C183D6B08F85FD73
                                                                                                                                                                                                                        SHA-256:FB945324C58EB1EFEC44733844BB796F34A3D1E4F4DA03D7BA7541397310F51F
                                                                                                                                                                                                                        SHA-512:D35942A1C8F6597B3E4710E662F9BACC42D74F0E0201A58525409D217BDA414155508044A64534DD06889B0D674F476362838C710DE453E09EE5EF3424D2A4A7
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:13
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999706247486256
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:9JDKhCn2xSbZ9UmyaZkSBTSL9ZCBwMUKn7XB/nPwjOrq9v9LWkhe:HDKRQjZhTShq5V7dOgOLWkhe
                                                                                                                                                                                                                        MD5:3C53E76AE85503DA6914D27F5F8D24E2
                                                                                                                                                                                                                        SHA1:26B17D9CB66D85237084737523225DE9A58DC6CF
                                                                                                                                                                                                                        SHA-256:0A157933008AAD3605ACB42FD6D241365C6D907990EB32FAFD81E8789886B654
                                                                                                                                                                                                                        SHA-512:1D57985CF666017F8D2D4EDA71DCFCE2F0948411DF5F49216AA9AF97A1B48CC611D42A1D91014D46F3F1109F88EB70FB2D0E78E79BB5499FCA21D795EC1595BB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:e
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 82 x 900, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):4121
                                                                                                                                                                                                                        Entropy (8bit):7.859900132218484
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:OZ2KKHDX6KfKSJNgLoot/tCUcWnL+aRGLJDD:8Kj9CegjJtC5WnqiGZ
                                                                                                                                                                                                                        MD5:A13B4636ED3593819041FC602DF9ED5C
                                                                                                                                                                                                                        SHA1:2433529C29FAFDAFA32FCA89B813C9E4BFF69F57
                                                                                                                                                                                                                        SHA-256:F35E49E254355130D7042EE1434FAD1DB7D6304264E5F31412CCFFAFCCAD6BE3
                                                                                                                                                                                                                        SHA-512:6D13C10CA6A4EBC8A8E611BF987DFA0E0BE305BDBE1C083F84069D2B69DEFAFECF6242AD9A29945759326490329047ED126827ADE703804AF912AEF461BD9851
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999601458747834
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:/3Yq7at1reoIhmNVrWJW++K2xALGGD0XZsBCAALyUxnutqBqF2cmbh:/3dat1rermN8TKAL9D0XZYCjmUxmqPci
                                                                                                                                                                                                                        MD5:3E55B168217E4593872825FA3676D8D4
                                                                                                                                                                                                                        SHA1:5BA25897FCD4431361DCBBBB11355ECD46F83243
                                                                                                                                                                                                                        SHA-256:4E962284F78D330C49DCA987845BD1A9F1F4494696B5ABED05F3D42D6C4E6BB9
                                                                                                                                                                                                                        SHA-512:B91EBC2B490D48445F1DBA0E848D89E17FC9A306622899F8844F5EA9E3C625DC221B3730D7731DA85BC759F92E17B0CBDBBC512FA913E9AFF6E759DDE7BCD43F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:c
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 121 x 121, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):8572
                                                                                                                                                                                                                        Entropy (8bit):7.961319566836723
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:5tLPUKXcqURgyabfPPh17y7zef/UUQ/62yphvwKNayVVrkkXqeX+w:nIKqRgpb3Ph17y7z/P/ypmKNa4ZkkXqM
                                                                                                                                                                                                                        MD5:7941843909C59494F533B7D9A78E36F7
                                                                                                                                                                                                                        SHA1:A325976F99A1EE4EAE8070E8BD6619B5B7961076
                                                                                                                                                                                                                        SHA-256:C91EF947A92830BBC926507D00486B5A45122F87796FE5E3D2849E77FBDBAA09
                                                                                                                                                                                                                        SHA-512:BFBD0EAE0CFFC5F5F656E976BD1E376C633E720903DF20DEA1D25767053E8AB3CE30C60A04F86C2667DF454F907CCC2FD9DC9C4059D0E9F37544347F731F8723
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-logo-11.b87d994b.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3050)
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):9409
                                                                                                                                                                                                                        Entropy (8bit):3.8627449454505975
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:KvkADp0wXlhMnEXb74PtkADp0wXlhMnEXb74PPkADp0wXlhMnEXb74Pe:mrbXlX741rbXlX74nrbXlX74W
                                                                                                                                                                                                                        MD5:AF8675A61A81E9941A3CB303E4FD987D
                                                                                                                                                                                                                        SHA1:6E72CDF2677356CA4D7AB8B99E544042F43D6D7F
                                                                                                                                                                                                                        SHA-256:65A5FE2D566AF66945F50B6B3A428B01932C9F585EF251D2594100CE786F87B6
                                                                                                                                                                                                                        SHA-512:638221A4F5D6D930C01D9F71025CD06E7EA1D33ADC1667A5BD80F6CD37564E350D2F2F23E1B53E6CE264250112B4C2D4FB5F3A906DBB12CA6825E1F40C764C75
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/qq9.03144aa7.svg
                                                                                                                                                                                                                        Preview: <svg width="971" height="292" xmlns="http://www.w3.org/2000/svg">. <path. clip-rule="evenodd". d="M105.756 264.757C130.013 280.641 158.54 289.132 187.73 289.157H351.498V249.96H288.875C301.838 238.074 312.526 223.967 320.389 208.298C330.308 188.53 335.468 166.803 335.47 144.782C335.476 116.227 326.826 88.3107 310.616 64.5635C294.405 40.8163 271.361 22.304 244.397 11.367C217.433 0.429948 187.759 -2.44079 159.128 3.11769C130.496 8.67617 104.192 22.4143 83.5408 42.5953C62.8894 62.7763 48.818 88.494 43.1056 116.497C37.3931 144.501 40.2961 173.532 51.4475 199.922C62.5989 226.311 81.498 248.874 105.756 264.757ZM187.878 249.96H187.861C166.589 249.964 145.793 243.798 128.104 232.239C110.416 220.681 96.628 204.251 88.4855 185.027C80.343 165.802 78.2113 144.648 82.36 124.238C86.5088 103.828 96.7515 85.0808 111.793 70.3665C126.834 55.6521 145.998 45.632 166.861 41.5735C187.725 37.5149 209.349 39.6003 229.001 47.5658C248.652 55.5313 265.448 69.0191 277.263 86.3233C289.077 103.626 295.38 123
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 288 x 288, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):18401
                                                                                                                                                                                                                        Entropy (8bit):7.960134833929269
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:ZufF1T9WbHXHy29g5WD4JOM2GIwhzaJyoQOhumKdkR2w9v9jYhRr7:kx9WzS2WkidwwxuQ2q+m7
                                                                                                                                                                                                                        MD5:5BF2F25D9DD6FFA0ABE78303A7376A3C
                                                                                                                                                                                                                        SHA1:B0EBA0DA234C54435967C75C9DBFF35B2F058135
                                                                                                                                                                                                                        SHA-256:A6EE012B26448225E4B34EF4797AAA2D9955042679FEDF2D9910B198F38838A2
                                                                                                                                                                                                                        SHA-512:086910A2BE67EFE15B7019FBB23E4B165E3E446E9A9A44DA98EB78C3866EBDEA5AD8FF81A039347DB87387E26BE51B694C1DB7ECAEE22D197E40A6CD6799D1C5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):64092
                                                                                                                                                                                                                        Entropy (8bit):7.992531468178547
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:768:w6rLtcso3GkXCmVetR7ZqN1wKLNoYzHVZswwOZdHT1XiNU2K8SkAwUhpkX+U58NW:w6ra72kXCMXfNHsw/ZdHTE68SkTMEeJ4
                                                                                                                                                                                                                        MD5:B3F8BAC78A4FBF8CA55EA0759B0D7ADD
                                                                                                                                                                                                                        SHA1:3BB60C748E6F6D31E2E98D65F2ACCC2CDC27D5FF
                                                                                                                                                                                                                        SHA-256:D105E7F68E5ADC11E3A7CB7C93355FAB28BCFB9AFDEB7FC3B730684633AC9701
                                                                                                                                                                                                                        SHA-512:7E1FC67B286F47931DEAD8170071A6AEDAB531D05F802F189339845A1911280EBFBB6A44E4AF85EDB577A110BB9E68D2260D73E71994A37B85B0F482EA1DE11B
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-11.dabd0e54.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 192 x 192, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):8656
                                                                                                                                                                                                                        Entropy (8bit):7.92130568188592
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:ttiyvyaJZmXxqcioeYjWxzXZYl8u5b3Xz0BuRt6YdFrXyPceZtZa:tt+moh6YazpYl8u57zr/dFrXyJDZa
                                                                                                                                                                                                                        MD5:3D7CAD41880113413785CEB9C6F43B13
                                                                                                                                                                                                                        SHA1:EE01723D87F3FAE441A9B2D9F85603D2FEE1EC05
                                                                                                                                                                                                                        SHA-256:1C3C44EEC0F0D1D19FBDDBA0917A23A9EDE4E4D6D53B039D616BFF46A6709581
                                                                                                                                                                                                                        SHA-512:10B6041AD99B457CFA99D67CC4074E52FBA5E26EFABF7BB45BDF2A12D724854D4EA184354A1ED0CC7A23E10802C83CD5DB4CE50FA1B5910CA20BA6D3C9B25731
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 201 x 200, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9918
                                                                                                                                                                                                                        Entropy (8bit):7.962775403040729
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:yDjwcupsSrn2B+S3PaZRVJce/Mb6FvQ9zVP5hHM1jAQ:A6Fm+rZ2kwumpP5hHM1EQ
                                                                                                                                                                                                                        MD5:F69698E47D99D8CEBC84D7CD529904F1
                                                                                                                                                                                                                        SHA1:74BFC9525829B58B49C67B4262229EA589F33994
                                                                                                                                                                                                                        SHA-256:8420A3DDF47F8EFCBDCC0A483B2CB8C949E02EB99930AB1F15755485C0EDE91C
                                                                                                                                                                                                                        SHA-512:34333AA0961E858B50EBFC67EAC10EFCA1347901F5524D85D05BDD97B2E6BB822FF9D7367A0BB8AC6BE1FB0B105B44D3218EED90293AB285362BA4D48E4236FE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):25393
                                                                                                                                                                                                                        Entropy (8bit):7.975344734008277
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:ms8YWEWWhxpiYIUvVNubHSTtMxmY1m8r3cVdnjjbeqRRI73POG8opzphDLupurpz:4op/H0H1x5micrvRRI7oaDLupkSk
                                                                                                                                                                                                                        MD5:83E8B2F0F282E271EB9216F227EA0D54
                                                                                                                                                                                                                        SHA1:5590E817B200BF2E27503E6C0F629F3722108E93
                                                                                                                                                                                                                        SHA-256:9B1D79EA17F15878654FA4AF07696CA1D02E61C398196F26729F7ED785A080DC
                                                                                                                                                                                                                        SHA-512:E796455CD041114B10BEE215224BEA29EBF673DDE5609DAAFDF74449A67F2CB9CA0085EBA26514A6851923C19677736A8FFD8FD7FA3A54DAD365E3E9B258C618
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 121 x 121, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):10520
                                                                                                                                                                                                                        Entropy (8bit):7.97949289515813
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:IXYAmWhoq9Ff8KcQyKwOuV+litV+z/27VBtIV3menRaG7xRsfjxaB:IXSYrf8PNx+oUj27VExmenBxR3
                                                                                                                                                                                                                        MD5:596E73982012010E6A3972C0E0D848C1
                                                                                                                                                                                                                        SHA1:BC655FC79E3781E7C68C46C1645B198E2797FFF8
                                                                                                                                                                                                                        SHA-256:13EB64C2097B21543E4B0632D529E695853A90BEB7FD8DD2429A3522F1DA8F61
                                                                                                                                                                                                                        SHA-512:689E9B6B0DC67AC978B940525B803769C9EF70DC4691E3B110DBD98D5874C4E2EE33170F5C85DCAA716B9A3214869575B6D99E9854036FCEBD578F537FEE5CAF
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-logo-1.c1c08300.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 615 x 346, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):24909
                                                                                                                                                                                                                        Entropy (8bit):7.905624713859312
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:uxBkI6ipAh3IEkI591T1pj4/Yu4iS2M5yumjZZe1XmGYHt7Pla:8BkI6iUT31hSBSrsuOZZKXmnU
                                                                                                                                                                                                                        MD5:D99F5228D03D33BF82EA3829DF19433F
                                                                                                                                                                                                                        SHA1:85168A4474C057B743BBA0B1790F6F8964494AF3
                                                                                                                                                                                                                        SHA-256:552A1C45AB3EBA97C44BD109956E365111A7D39F8F6CCE17573C14F1F6A753F9
                                                                                                                                                                                                                        SHA-512:5870EB3DACF81A377B5F76DB831D9537D0D145B14649281905BB0189BCEBB095A2CCC75E0442A812C304551073F6BC4210912A6B83ECB01ED609E316700D3A12
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 287 x 287, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):11943
                                                                                                                                                                                                                        Entropy (8bit):7.921713463674599
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:4t5RVBMRoRG5ectnEGZUXMrE97R2DV1qBWMO/a1K8JMVkQd6gfL0SuruPFQGCraZ:4jRfctnfCEK7R+0IMAuK8J4kQdFfL0Sx
                                                                                                                                                                                                                        MD5:11C7371BF2336B5292AEDF41CAF163D7
                                                                                                                                                                                                                        SHA1:9778B47F333A85B086A9A698241670CBB984A50B
                                                                                                                                                                                                                        SHA-256:42259CEA0D1FC6BB23FB76D840A68E856B255C01AC3E6A12DB4DEB889F973AA3
                                                                                                                                                                                                                        SHA-512:4A48ADE9DF5B2B5C0A43C57877318FF3AB3B145E299BBFAA032372D62C2B3D3F2F7D91088A96FB18D5284C20739A1C6F4F10E38D529659B96FDE88D91410A59E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-7.17756db7.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 1272 x 967, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):200887
                                                                                                                                                                                                                        Entropy (8bit):7.978433783839488
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:6144:xvm/YA+XXWKJqC4E33iTG/RVDoqjKuH02eF2:o/WXWTEHiTG/RVDFjKu9e8
                                                                                                                                                                                                                        MD5:EDBAB82D8BA30C28D104494FC12827F7
                                                                                                                                                                                                                        SHA1:2BAA1832A50962487FA6A974ED034367E0A655A3
                                                                                                                                                                                                                        SHA-256:73B55664C9A77FD8495A153D5801CAE0791708E2506345E792A776E81685936F
                                                                                                                                                                                                                        SHA-512:643419F0D12469272EB4EAB76A539127F7FEB63F5D75B2D04E3D624885AE7A3701559E8CAA7A0CD0CC835D6E9BB4E8F0C252A52BC3E444344D77B0C88F842E38
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 208 x 208, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):8337
                                                                                                                                                                                                                        Entropy (8bit):7.922684154713854
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:5ADPa0oXZ6jkudR2KsmA+FHbzfqCTrvvaY+E9tcPxsr2VMn:52azpUj2Km+KCTrvvaPE9tESn
                                                                                                                                                                                                                        MD5:FBE6B924EAB40D73B0E3F142E6601562
                                                                                                                                                                                                                        SHA1:1582C7A664D5A0CB42A8C767C21617C4482AF40C
                                                                                                                                                                                                                        SHA-256:FCBBC36CE022D677E4BFC53A6E1CB0CCF287154A4727D77F5F27EF4C6A820A9D
                                                                                                                                                                                                                        SHA-512:2BA1C9AD6FC30C5A844119B6FC682D9FB94A240F095F480D8706DB35453B84E73FC5E0B3B5B788F7F6A29E3FE6775882BB04F6E4A0C7CEE283AEF6B4792B6F25
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/ornament-9.39b61a69.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 113 x 111, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):15596
                                                                                                                                                                                                                        Entropy (8bit):7.9763092156654105
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:VmgxeuEZVy3nfBsKu4dgFIvUaMUUaLEI1uUKG:VjoVyJAmgW8IEWunG
                                                                                                                                                                                                                        MD5:405EFA58AADC182793EE0EFEC2D849C7
                                                                                                                                                                                                                        SHA1:B4EC2780644B2C5498FADC39126CE2FB5306DE89
                                                                                                                                                                                                                        SHA-256:91264AEC36D0386073531F5D5F4A135FFB4AC2BEC2FE45E2DFD0A495A0B08DBC
                                                                                                                                                                                                                        SHA-512:102A3C3218A80994700EFBACEDAFB7F636CFAC6E5035AFD5DA3B16CA8DC16BE8A0F30805F8D001D4ECB34B2C24EDFC14F23CBF2F0F5C8AC34CA35D056D18E5EA
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 438 x 247, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):47110
                                                                                                                                                                                                                        Entropy (8bit):7.976803512948249
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:9L/Dm1LC5bpkhvjZFXEHBWDiR6QvYUs1TC+vLyq7TeZLWYTEeNbZcib/jppeR8GB:dmRC5bpkhVFX/2k1TAcyTzJdXpAJ0jKz
                                                                                                                                                                                                                        MD5:2AB8F5C5A6C57CE00974E904430044B7
                                                                                                                                                                                                                        SHA1:DE1C4F98727E300F9F491CAAFD9435C8EEFB8B35
                                                                                                                                                                                                                        SHA-256:4B320A69C7597D83F9F331A715BF923613181AF8AC32D014EC40E28B0C6880E0
                                                                                                                                                                                                                        SHA-512:35C0488B00B9E25681B446EDF82F9F8AB648C230CA44053BFEEC2E8E26B33C9C2063F713A1459710E3537664E91E9D737296074230010FE7496F5B5DD4E4939F
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/guild-6.1dc4108f.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 536, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):57652
                                                                                                                                                                                                                        Entropy (8bit):7.964391188227326
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:KKhziuz0MtJIeahVKz4q+XhBXKstHTdPTvfdj:9uTMt+PhVKU/RB6stHTRT9j
                                                                                                                                                                                                                        MD5:797ABB2FC14C31278DA40FB9A653799B
                                                                                                                                                                                                                        SHA1:CCF73636603A3151084F28A7F69166B467CA1E0D
                                                                                                                                                                                                                        SHA-256:8CB70E95C6A6914716EDAA23CB99CFC9A52F76860A76636197FDD570103D2463
                                                                                                                                                                                                                        SHA-512:9C0F1AC70FF6E0145AC1C58A0828CDCE0B4189C5BC9CE222EE985D4483CB57F2BBC06C52B8E854DA5F8B2F7BD4339365147847AEF6FA9EBCA673FBC8B0DC7A0A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-2.47e8b6d6.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999734396099774
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:lsOvIdXGMZvkoZp9FTmbRC4dKaiYKOoQAnzZSZBoKzFM/y1jCxsgFVe:uOvId2ckc9FT2C48UKOoFnzZSoKzFU8R
                                                                                                                                                                                                                        MD5:36E83FA7DFB4AFF0A45A2F26A5146B55
                                                                                                                                                                                                                        SHA1:4261F192A801EACEB9F9FBFF4A539B8A98507349
                                                                                                                                                                                                                        SHA-256:0A69ECFC7FE4D4A89A06FCB4C5D706FCD7A98269CF7C307177131CF5B7C5F759
                                                                                                                                                                                                                        SHA-512:463A9647BFADAA9A3B0B991CFAE7B6441159830564DEDADEC328DE328FD5DD1381FDC0774136F6E6EB560B80E80A30B3478B1EE6D88BA4E6CCEE3515EB020070
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:2
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 716 x 110, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):9809
                                                                                                                                                                                                                        Entropy (8bit):7.954559967359701
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:XRrl09geCFh4JwyxrwThpjMARIE9ZNIXF/Qe/jrj:B0C/TbhpjLRxWdR/jrj
                                                                                                                                                                                                                        MD5:5AF07979C5CDF3FB896B467640D3ABA0
                                                                                                                                                                                                                        SHA1:64EB66EFBBC890C5D8AC6FC43325624AC73E576A
                                                                                                                                                                                                                        SHA-256:0F1692A7F73D039DCB6703ED915D094E5C6E88EB1E01770AD1927C0B5F21CE52
                                                                                                                                                                                                                        SHA-512:DCDC5E65035AE596508800DFA53D256EC2C087694B2F5E9258C61BB40DE741039B062359E7C1952A38FC31C61F608CC01F80F1CDDBB26AE3B1FB6168B63F86C5
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/brand-text.561ce6a3.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):1048576
                                                                                                                                                                                                                        Entropy (8bit):7.999828186902826
                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                        SSDEEP:24576:dvxJLvcxZx7gPsab4SVsWLCMy/CNQ5d/QazZ/Ypfwk+hP3RTiEi:d3LvuAbvVshxT//QazlY2JhVi
                                                                                                                                                                                                                        MD5:AE433125012A26AFE467EAA637304DA9
                                                                                                                                                                                                                        SHA1:FA332FDCF56308FF93ACFA50E4B245F2C65CF297
                                                                                                                                                                                                                        SHA-256:0506D44EB8890E0A78692DACD3BE1710C04153182119E6D2CEB20CEE6A53524B
                                                                                                                                                                                                                        SHA-512:BB2946DCE39CC498804B29A5306DE8279A4FA1792114EC110BCB62C99DFB61DAD3F0DF0D2871C867244ED5FA83BF1B696BE8B54CAC1390CB76C9564A60A268FB
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:11
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:OpenPGP Public Key
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):936386
                                                                                                                                                                                                                        Entropy (8bit):7.944224969502524
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:24576:2l6QcjVh9UQsjuZTCnsKWt5zcidQLsj/Hhil:W6QQxsj7WttdOsj/Hho
                                                                                                                                                                                                                        MD5:B9A90252ABBDFBFD9369C2B2BD2BB27B
                                                                                                                                                                                                                        SHA1:D27B1C624ECEAFC943264BA15631E952823C93B3
                                                                                                                                                                                                                        SHA-256:28324A20CC92E3EDAA4A0059824D9BF6353EAF8376961145391D439186CF96DE
                                                                                                                                                                                                                        SHA-512:3F6785F8F0D3075030C7558D7C1D88D0B75C9C3433DF1BDCBA92EA5B55C48B16E3107161EF27239C0014F174554FDB55B4B8A703613006280F45B0C69B991D3E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://static-res.qq.com/web/im.qq.com/qq9-introduction.mp4:2f7012f3bf7788:16
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 1570 x 1235, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):199208
                                                                                                                                                                                                                        Entropy (8bit):7.949718808846237
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3072:4CthhIhWl9r9cvgKicJH4ptsidifbavD1WZSycptum71/RkZxTQVSzaMbiaU:zthPRBk2TEf2L1Hyutjixc6aMY
                                                                                                                                                                                                                        MD5:98E298488EA8B5C55A4A16734393D65E
                                                                                                                                                                                                                        SHA1:9024EA8F496CD2AD0EA1555A0EFA908F02BEA544
                                                                                                                                                                                                                        SHA-256:5510987BB85305D341050282B4093B29BDB440A1DE11C976D52A2EDB668617F9
                                                                                                                                                                                                                        SHA-512:07CFAEB80F404E4281B1AECCC90A648F282D9381636A61E80C689F3CF8173381402FB1D926E4E94BC917B6833F3462539E8C9D47D7BB05D5E5877907FC239F18
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:MS Windows icon resource - 1 icon, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):25393
                                                                                                                                                                                                                        Entropy (8bit):7.975344734008277
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:384:ms8YWEWWhxpiYIUvVNubHSTtMxmY1m8r3cVdnjjbeqRRI73POG8opzphDLupurpz:4op/H0H1x5micrvRRI7oaDLupkSk
                                                                                                                                                                                                                        MD5:83E8B2F0F282E271EB9216F227EA0D54
                                                                                                                                                                                                                        SHA1:5590E817B200BF2E27503E6C0F629F3722108E93
                                                                                                                                                                                                                        SHA-256:9B1D79EA17F15878654FA4AF07696CA1D02E61C398196F26729F7ED785A080DC
                                                                                                                                                                                                                        SHA-512:E796455CD041114B10BEE215224BEA29EBF673DDE5609DAAFDF74449A67F2CB9CA0085EBA26514A6851923C19677736A8FFD8FD7FA3A54DAD365E3E9B258C618
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn//im.qq.com_new/7bce6d6d/asset/favicon.ico
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 121 x 121, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):9080
                                                                                                                                                                                                                        Entropy (8bit):7.97339212610903
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:saDQLp60sEUE14XW4ExN7SMZ3G5naQaf6r2j9L6/JdrBPJ35x:stz4G4ExwS3G5nK6r2xcdrBPJJx
                                                                                                                                                                                                                        MD5:CCDBDFB8D84B291EDB24946BE9957719
                                                                                                                                                                                                                        SHA1:27DB831377AAFFA4FA6FF912BFD23F28B5D068D1
                                                                                                                                                                                                                        SHA-256:F75DBB19DB6774F7246351423A6ED594271D5A5BED4436DB59407B2A2A7DFA5F
                                                                                                                                                                                                                        SHA-512:3C58717534262F153C943FDE25C26AB6727919CFBCE0DD76BDCD3173303D8A9015E53072A53EC49B6568F6C74EBD0DE7EE385235C55041D744A1D7DF5C30E9C8
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 467 x 537, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):81200
                                                                                                                                                                                                                        Entropy (8bit):7.967787281945485
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:ymecUzyL/bOg1mo75pToXnb4Iaks5WEQrOL2OP9oUgTs46o4:ymecUzGSg0oIIJQmP9ATs469
                                                                                                                                                                                                                        MD5:09E326456A0BE10523FF5DE020282745
                                                                                                                                                                                                                        SHA1:58CA5B81684C13BCCE4CF9FCCE40F5DF7993EF64
                                                                                                                                                                                                                        SHA-256:11B17AB71623BAD8C73AC2D714F09A517DA83A57C47D7AD1CA191814D17C8FE1
                                                                                                                                                                                                                        SHA-512:CB4F28659B515D6C7DF3596CE4E5AAB518B24F9445DAC89A9381515955D6764DF6B52DE4D5DB53BFD63AF947EC2547CDABB50E8BA85BAC08517B973A235F16EE
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/room-6.7bfb07b7.png
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:PNG image data, 183 x 183, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):8642
                                                                                                                                                                                                                        Entropy (8bit):7.952672161123514
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:OrERR6bZLvG4vapsqAXnvOOq3I1kTxXS9q3eBJV:MERR6bxfip/AXnvDl1kFXS9quBv
                                                                                                                                                                                                                        MD5:2084BBD39F76B48EE1F28B841151E2FA
                                                                                                                                                                                                                        SHA1:F669FD2C8219FF8A9D1035CA9B89524AF3FB55AC
                                                                                                                                                                                                                        SHA-256:ECD9602F5FE036A031A7FAC1C9D862B3873F9EA20A7D8E93234BBDCE7835CFAA
                                                                                                                                                                                                                        SHA-512:1A9DE8A43A438D08FB9B907DA8985B14C83D7A9AD9BBA606E10B6641ED65C349D34A99E4CF11E3506ED33B68EE5AC0428B8A83FBEE7D5B1EF2D8EA3B84909309
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                        Category:downloaded
                                                                                                                                                                                                                        Size (bytes):89643
                                                                                                                                                                                                                        Entropy (8bit):6.030337767772358
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:768:IrYEHb2SrYEHXpmxvQKyKOVrZo3iWUFqMOe2eaU/V4OUr4py+Vjfrt8:ZEHbUEHXwoKyK+Zo3PVMOeSCVi8pj9R8
                                                                                                                                                                                                                        MD5:9B140CBB73BEDE16E621430F63A402A5
                                                                                                                                                                                                                        SHA1:2283465C1526432666810701F3348AC2B2973E27
                                                                                                                                                                                                                        SHA-256:3D88D8DDE9DB5F8E688B90856A5186E901C30AA82D6D7202805F1B7BC0C0E1B8
                                                                                                                                                                                                                        SHA-512:78325BCB7350ECE22A92A2621637B249E294CD848FFFB4D6C7390803635FAC9E21B99D8828DABE2F5F5E2754236D6608C10DEE3DC6D3E74568A8F2C149FB6083
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        URL:https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/mobile.c220a045.css
                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Entropy (8bit):7.747077195660834
                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                        File name:SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        File size:475'136 bytes
                                                                                                                                                                                                                        MD5:095cb2ef9c61816f0f00562532b04e54
                                                                                                                                                                                                                        SHA1:e111d19f0e798ac0fcf06ef6047bc1139a44c045
                                                                                                                                                                                                                        SHA256:79ca78f685ac8f3b6ca6d8edbbfd0227a171ebd7b461d1ab993b240c45b759a3
                                                                                                                                                                                                                        SHA512:7213fd6dce6e4c2bcf63365fb5a2f0dbc3fe8691c019fe97b7239b95013d023ad04f96a7e88206ee993ef2ac4bf1907ba0be9eac71a3ed4f119de6eb88f30e27
                                                                                                                                                                                                                        SSDEEP:6144:y3ZjaO4wqsrSTxB4lilPycdeYe8QBcHOwbC/ynhyn4sV0OAHnzqCawX6IWmsHL:2DlLrS0lOcFcE/yYVApaJmsHL
                                                                                                                                                                                                                        TLSH:1FA42373B6568CAACC4507B44867360DBDB0B79C0C2BAB3D99147A2E797FB009D2C752
                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........I.L.'.L.'.L.'.7.+.O.'...).g.'...4.a.'.L.&.&.'...4.U.'.z.-...'.z.,.?.'...,...'.L.'.'.'...!.M.'.RichL.'.................PE..L..
                                                                                                                                                                                                                        Icon Hash:0f03939b133345c7
                                                                                                                                                                                                                        Entrypoint:0x566725
                                                                                                                                                                                                                        Entrypoint Section:.vmp1
                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:0x51BE8D26 [Mon Jun 17 04:14:30 2013 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:96b7cbed03b40abd591879b047572968
Instruction
push 021523BCh
call 00007F68593EF214h
add byte ptr [eax], al
dec ecx
outsb
jbe 00007F68593DE2D3h
insb
imul esp, dword ptr [ecx+74h], 63655265h
je 00007F68593DE272h
mov esi, dword ptr [esp+40h]
mov byte ptr [esp+04h], 0000007Dh
mov word ptr [esp], cx
push 2AA269EDh
lea esp, dword ptr [esp+48h]
jmp 00007F68593DD84Eh
repne scasb
push esi
mov word ptr [esp+04h], 441Fh
mov word ptr [esp+08h], bp
lea esp, dword ptr [esp+0Ch]
jne 00007F68593DE18Eh
lea ecx, dword ptr [edi+3C7653D1h]
mov ecx, edi
pushad
push 1346F000h
lea esp, dword ptr [esp+24h]
jmp 00007F68593DFA02h
bt sp, bx
push 0B531FF6h
bt sp, 0003h
test dh, ah
sub al, 30h
test cl, FFFFFFEEh
cmp al, 09h
mov byte ptr [esp], dh
push CEE01D1Eh
pushfd
push 3FD5E28Bh
lea esp, dword ptr [esp+10h]
ja 00007F68593E2CE0h
pushfd
imul edx, edx, 0000000Ah
bt sp, bp
add edx, eax
push 862371C2h
lea esp, dword ptr [esp+08h]
jmp 00007F68593DF76Dh
add byte ptr [eax], al
inc ebx
jc 00007F68593DE2D7h
popad
je 00007F68593DE2D7h
push edx
outsd
jne 00007F68593DE2E0h
push edx
arpl word ptr [edx+edx*2+67h], si
outsb
add byte ptr [eax], al
add byte ptr [eax+eax+00h], al
Programming Language:
• [ C ] VS98 (6.0) SP6 build 8804
• [C++] VS98 (6.0) SP6 build 8804
• [C++] VS98 (6.0) build 8168
• [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x15df68 | 0xc50 | .vmp1
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x165fc3 | 0x168 | .vmp1
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfe000 | 0x9070 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x179000 | 0x8c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x164d1b | 0x20 | .vmp1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x15ee9c | 0x7d4 | .vmp1
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xa4ed7 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xa6000 | 0x198b8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xc0000 | 0x3d068 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xfe000 | 0x9070 | 0x6000 | abd17a75dcf2ec6934522c09f9150255 | False | 0.3837483723958333 | data | 4.084785112794822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.vmp0 | 0x108000 | 0x4034 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.tls | 0x10d000 | 0x18 | 0x1000 | 620f0b67a91f7f74151bc5be745b7110 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp1 | 0x10e000 | 0x6aebb | 0x6b000 | 81fd9dabfb11e36bee1d95a61f5f0ccc | False | 0.9779018509053738 | data | 7.923481993036869 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc | 0x179000 | 0x8c | 0x1000 | d929c1c6b248188903eadeaf00ed4ae0 | False | 0.03564453125 | GLS_BINARY_LSB_FIRST | 0.2533682132266879 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
TEXTINCLUDE | 0x103498 | 0xb | data | Chinese | China | 1.0
TEXTINCLUDE | 0x1034a4 | 0x16 | data | Chinese | China | 0.5
TEXTINCLUDE | 0x1034bc | 0x151 | data | Chinese | China | 0.03857566765578635
RT_CURSOR | 0x103610 | 0x134 | data | Chinese | China | 0.04220779220779221
RT_CURSOR | 0x103744 | 0x134 | data | Chinese | China | 0.04220779220779221
RT_CURSOR | 0x103878 | 0x134 | data | Chinese | China | 0.04220779220779221
RT_CURSOR | 0x1039ac | 0xb4 | data | Chinese | China | 0.06666666666666667
RT_BITMAP | 0x103a60 | 0x16c | data | Chinese | China | 0.03571428571428571
RT_BITMAP | 0x103bcc | 0x248 | data | Chinese | China | 0.025684931506849314
RT_BITMAP | 0x103e14 | 0x144 | data | Chinese | China | 0.040123456790123455
RT_BITMAP | 0x103f58 | 0x158 | data | Chinese | China | 0.07142857142857142
RT_BITMAP | 0x1040b0 | 0x158 | empty | Chinese | China | 0
RT_BITMAP | 0x104208 | 0x158 | empty | Chinese | China | 0
RT_BITMAP | 0x104360 | 0x158 | empty | Chinese | China | 0
RT_BITMAP | 0x1044b8 | 0x158 | empty | Chinese | China | 0
RT_BITMAP | 0x104610 | 0x158 | empty | Chinese | China | 0
RT_BITMAP | 0x104768 | 0x158 | empty | Chinese | China | 0
RT_BITMAP | 0x1048c0 | 0x158 | empty | Chinese | China | 0
RT_BITMAP | 0x104a18 | 0x5e4 | empty | Chinese | China | 0
RT_BITMAP | 0x104ffc | 0xb8 | empty | Chinese | China | 0
RT_BITMAP | 0x1050b4 | 0x16c | empty | Chinese | China | 0
RT_BITMAP | 0x105220 | 0x144 | empty | Chinese | China | 0
RT_ICON | 0xfebac | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Chinese | China | 0.26344086021505375
RT_ICON | 0xfee94 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Chinese | China | 0.41216216216216217
RT_ICON | 0xfefbc | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | | | 0.4602031176192726
RT_MENU | 0x105364 | 0xc | empty | Chinese | China | 0
RT_MENU | 0x105370 | 0x284 | empty | Chinese | China | 0
RT_DIALOG | 0x1055f4 | 0x98 | empty | Chinese | China | 0
RT_DIALOG | 0x10568c | 0x17a | empty | Chinese | China | 0
RT_DIALOG | 0x105808 | 0xfa | empty | Chinese | China | 0
RT_DIALOG | 0x105904 | 0xea | empty | Chinese | China | 0
RT_DIALOG | 0x1059f0 | 0x8ae | empty | Chinese | China | 0
RT_DIALOG | 0x1062a0 | 0xb2 | empty | Chinese | China | 0
RT_DIALOG | 0x106354 | 0xcc | empty | Chinese | China | 0
RT_DIALOG | 0x106420 | 0xb2 | empty | Chinese | China | 0
RT_DIALOG | 0x1064d4 | 0xe2 | empty | Chinese | China | 0
RT_DIALOG | 0x1065b8 | 0x18c | empty | Chinese | China | 0
RT_STRING | 0x106744 | 0x50 | empty | Chinese | China | 0
                                                                                                                                                                                                                        RT_STRING0x1067940x2cemptyChineseChina0
                                                                                                                                                                                                                        RT_STRING0x1067c00x78emptyChineseChina0
                                                                                                                                                                                                                        RT_STRING0x1068380x1c4emptyChineseChina0
                                                                                                                                                                                                                        RT_STRING0x1069fc0x12aemptyChineseChina0
                                                                                                                                                                                                                        RT_STRING0x106b280x146emptyChineseChina0
                                                                                                                                                                                                                        RT_STRING0x106c700x40emptyChineseChina0
                                                                                                                                                                                                                        RT_STRING0x106cb00x64emptyChineseChina0
                                                                                                                                                                                                                        RT_STRING0x106d140x1d8emptyChineseChina0
                                                                                                                                                                                                                        RT_STRING0x106eec0x114emptyChineseChina0
                                                                                                                                                                                                                        RT_STRING0x1070000x24emptyChineseChina0
                                                                                                                                                                                                                        RT_GROUP_CURSOR0x1070240x14emptyChineseChina0
                                                                                                                                                                                                                        RT_GROUP_CURSOR0x1070380x14emptyChineseChina0
                                                                                                                                                                                                                        RT_GROUP_CURSOR0x10704c0x22emptyChineseChina0
                                                                                                                                                                                                                        RT_GROUP_ICON0x1031e40x14data1.25
                                                                                                                                                                                                                        RT_GROUP_ICON0x1031f80x14dataChineseChina1.2
                                                                                                                                                                                                                        RT_GROUP_ICON0x10320c0x14dataChineseChina1.25
                                                                                                                                                                                                                        RT_VERSION0x1032200x278dataChineseChina0.4873417721518987
DLL | Import
RASAPI32.dll | RasHangUpA, RasGetConnectStatusA
KERNEL32.dll | GetModuleHandleA, GetVolumeInformationA, SetCurrentDirectoryA, GetFileAttributesA, FindClose, FindFirstFileA, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, GetCurrentProcess, DuplicateHandle, lstrcpynA, IsBadCodePtr, IsBadReadPtr, CompareStringW, CompareStringA, SetUnhandledExceptionFilter, GetStringTypeW, GetStringTypeA, IsBadWritePtr, VirtualAlloc, LCMapStringW, LCMapStringA, SetEnvironmentVariableA, VirtualFree, HeapCreate, HeapDestroy, GetEnvironmentVariableA, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, GetFileType, SetStdHandle, GetACP, HeapSize, SetLastError, GetTimeZoneInformation, FileTimeToSystemTime, CreateSemaphoreA, ResumeThread, ReleaseSemaphore, EnterCriticalSection, LeaveCriticalSection, GetProfileStringA, WriteFile, ReadFile, GetLastError, WaitForMultipleObjects, CreateFileA, SetEvent, FindResourceA, LoadResource, LockResource, GetModuleFileNameA, GetCurrentThreadId, ExitProcess, GlobalSize, GlobalFree, DeleteCriticalSection, InitializeCriticalSection, lstrcatA, WinExec, lstrcpyA, FindNextFileA, GlobalReAlloc, HeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetUserDefaultLCID, GetFullPathNameA, FreeLibrary, LoadLibraryA, lstrlenA, lstrlenW, GetVersionExA, WritePrivateProfileStringA, CreateThread, CreateEventA, Sleep, GlobalAlloc, GlobalLock, GetProcAddress, TerminateProcess, GetLocalTime, GetSystemTime, RaiseException, RtlUnwind, GetStartupInfoA, GetOEMCP, GetCPInfo, GetProcessVersion, SetErrorMode, GlobalFlags, GetCurrentThread, GetFileTime, GetFileSize, TlsGetValue, LocalReAlloc, TlsSetValue, TlsFree, GlobalHandle, TlsAlloc, MulDiv, GetCommandLineA, GetTickCount, CreateProcessA, WaitForSingleObject, CloseHandle, FileTimeToLocalFileTime, FormatMessageA, LocalAlloc, lstrcmpA, GetVersion, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpiA, GetThreadLocale, LocalFree, MultiByteToWideChar, WideCharToMultiByte, InterlockedDecrement, GlobalUnlock, InterlockedIncrement
USER32.dll | SetClipboardData, EmptyClipboard, GetSystemMetrics, GetCursorPos, MessageBoxA, MessageBeep, SetWindowPos, SendMessageA, DestroyCursor, SetParent, IsWindow, PostMessageA, GetTopWindow, GetParent, GetFocus, GetClientRect, InvalidateRect, ValidateRect, UpdateWindow, OpenClipboard, GetClipboardData, CloseClipboard, EqualRect, GetWindowRect, SetForegroundWindow, DestroyMenu, IsChild, ReleaseDC, IsRectEmpty, wsprintfA, GetDC, SetCursor, LoadCursorA, SetCursorPos, SetActiveWindow, GetSysColor, SetWindowLongA, GetWindowLongA, RedrawWindow, EnableWindow, IsWindowVisible, OffsetRect, PtInRect, DestroyIcon, IntersectRect, SetRect, InflateRect, SetScrollPos, SetScrollRange, GetScrollRange, SetCapture, GetCapture, ReleaseCapture, SetTimer, KillTimer, WinHelpA, LoadBitmapA, CopyRect, ChildWindowFromPointEx, ScreenToClient, GetMessagePos, SetWindowRgn, DestroyAcceleratorTable, GetWindow, GetActiveWindow, SetFocus, IsIconic, WaitForInputIdle, FillRect, SetPropA, PeekMessageA, SetMenu, GetMenu, DefWindowProcA, GetClassInfoA, DeleteMenu, GetSystemMenu, PostThreadMessageA, GetNextDlgGroupItem, GetSysColorBrush, LoadStringA, MapDialogRect, SetWindowContextHelpId, CharNextA, GetDesktopWindow, GetClassNameA, GetMenuCheckMarkDimensions, GetMenuState, SetMenuItemBitmaps, CheckMenuItem, MoveWindow, SetWindowTextA, SystemParametersInfoA, TranslateMessage, LoadIconA, DrawFrameControl, DrawEdge, DrawFocusRect, WindowFromPoint, GetMessageA, DispatchMessageA, SetRectEmpty, RegisterClipboardFormatA, CreateIconFromResourceEx, CreateIconFromResource, DrawIconEx, CreatePopupMenu, AppendMenuA, ModifyMenuA, CreateMenu, CreateAcceleratorTableA, GetDlgCtrlID, GetSubMenu, EnableMenuItem, ClientToScreen, EnumDisplaySettingsA, LoadImageA, ShowWindow, IsWindowEnabled, TranslateAcceleratorA, GetKeyState, CopyAcceleratorTableA, PostQuitMessage, IsZoomed, GetWindowTextA, GetWindowTextLengthA, CharUpperA, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, GetDlgItem, DestroyWindow, CreateDialogIndirectParamA, EndDialog, GetNextDlgTabItem, GetWindowPlacement, RegisterWindowMessageA, GetForegroundWindow, GetLastActivePopup, GetMessageTime, RemovePropA, CallWindowProcA, GetPropA, UnhookWindowsHookEx, UnregisterClassA, GetClassLongA, CallNextHookEx, SetWindowsHookExA, CreateWindowExA, GetMenuItemID, GetMenuItemCount, RegisterClassA, GetScrollPos, AdjustWindowRectEx, MapWindowPoints, SendDlgItemMessageA, ScrollWindowEx, IsDialogMessageA
GDI32.dll | SetWindowOrgEx, SetBkColor, CreateRectRgnIndirect, SetStretchBltMode, GetClipRgn, CreatePolygonRgn, SelectClipRgn, DeleteObject, CreateDIBitmap, GetSystemPaletteEntries, CreatePalette, StretchBlt, SelectPalette, RealizePalette, GetDIBits, GetWindowExtEx, GetViewportOrgEx, GetWindowOrgEx, BeginPath, EndPath, PathToRegion, CreateEllipticRgn, CreateRoundRectRgn, GetTextColor, GetBkMode, GetBkColor, GetROP2, GetStretchBltMode, GetPolyFillMode, CreateCompatibleBitmap, CreateDCA, CreateBitmap, SelectObject, CreatePen, PatBlt, FillRgn, CreateRectRgn, CombineRgn, CreateSolidBrush, CreateFontIndirectA, GetStockObject, GetObjectA, EndPage, EndDoc, DeleteDC, StartDocA, StartPage, BitBlt, CreateCompatibleDC, Ellipse, Rectangle, LPtoDP, DPtoLP, GetCurrentObject, RoundRect, GetTextExtentPoint32A, GetDeviceCaps, SaveDC, RestoreDC, SetBkMode, SetPolyFillMode, SetROP2, SetTextColor, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, GetClipBox, ExcludeClipRect, MoveToEx, LineTo, GetMapMode, GetTextMetricsA, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, GetViewportExtEx, ExtSelectClipRgn
WINMM.dll | midiStreamRestart, waveOutUnprepareHeader, waveOutPrepareHeader, waveOutWrite, waveOutPause, waveOutReset, waveOutClose, waveOutGetNumDevs, waveOutOpen, midiOutUnprepareHeader, midiStreamOpen, midiStreamProperty, midiOutPrepareHeader, midiStreamOut, midiStreamStop, midiOutReset, midiStreamClose
WINSPOOL.DRV | OpenPrinterA, DocumentPropertiesA, ClosePrinter
ADVAPI32.dll | RegCreateKeyExA, RegCloseKey, RegQueryValueA, RegSetValueExA, RegOpenKeyExA
SHELL32.dll | ShellExecuteA, Shell_NotifyIconA
ole32.dll | CreateILockBytesOnHGlobal, CoFreeUnusedLibraries, CoRegisterMessageFilter, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, CoCreateInstance, OleRun, StgCreateDocfileOnILockBytes, CoTaskMemFree, CoTaskMemAlloc, CLSIDFromProgID, CLSIDFromString, OleUninitialize, OleInitialize, StgOpenStorageOnILockBytes, CoGetClassObject
OLEAUT32.dll | SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetElement, VariantCopyInd, VariantInit, SysAllocString, SafeArrayCreate, RegisterTypeLib, LHashValOfNameSys, LoadTypeLib, OleCreateFontIndirect, UnRegisterTypeLib, SysFreeString, SafeArrayGetLBound, SafeArrayGetUBound, VariantChangeType, VariantClear, VariantCopy, SafeArrayGetElemsize, SysAllocStringByteLen, VariantTimeToSystemTime, SysAllocStringLen, SysStringLen, SafeArrayGetDim
COMCTL32.dll | ImageList_GetImageCount, ImageList_Destroy, ImageList_SetBkColor, ImageList_Read, ImageList_Duplicate
oledlg.dll |
WS2_32.dll | inet_ntoa, recvfrom, ioctlsocket, WSAStartup, getpeername, accept, WSACleanup, select, send, closesocket, WSAAsyncSelect, recv
WININET.dll | InternetCanonicalizeUrlA, InternetOpenA, InternetCloseHandle, InternetSetOptionA, InternetConnectA, InternetReadFile, HttpQueryInfoA, HttpSendRequestA, HttpOpenRequestA, InternetCrackUrlA
comdlg32.dll | GetOpenFileNameA, ChooseColorA, GetFileTitleA, GetSaveFileNameA
KERNEL32.dll | LoadLibraryA, VirtualProtect, GetModuleFileNameA, ExitProcess
USER32.dll | MessageBoxA
Language of compilation system | Country where language is spoken | Map
Chinese | China |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                        Feb 16, 2024 08:51:13.813441038 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:13.813513994 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:13.813549995 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:13.813553095 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:13.813582897 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:13.814105034 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:13.814146042 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:13.814155102 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:13.814161062 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:13.814192057 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:13.814208984 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.122837067 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.122948885 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.122980118 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.123027086 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.123080015 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.123127937 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.123174906 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.123222113 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.123389959 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.123466015 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.123682022 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.123728991 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.123922110 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.123976946 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.124115944 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.124162912 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.124380112 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.124430895 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.124627113 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.124684095 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.124908924 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.124964952 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.125195026 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.125250101 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.125422001 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.125474930 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.430851936 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.430932045 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.430990934 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431039095 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431096077 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431154966 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431158066 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431170940 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431191921 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431209087 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431217909 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431246996 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431252956 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431279898 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431792021 CET49700443192.168.2.7129.226.103.162
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.431813002 CET44349700129.226.103.162192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:14.888087988 CET49671443192.168.2.7204.79.197.203
                                                                                                                                                                                                                        Feb 16, 2024 08:51:15.277555943 CET49701443192.168.2.7180.95.234.204
                                                                                                                                                                                                                        Feb 16, 2024 08:51:15.277582884 CET44349701180.95.234.204192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:15.277651072 CET49701443192.168.2.7180.95.234.204
                                                                                                                                                                                                                        Feb 16, 2024 08:51:15.278199911 CET49701443192.168.2.7180.95.234.204
                                                                                                                                                                                                                        Feb 16, 2024 08:51:15.278208971 CET44349701180.95.234.204192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:16.044270992 CET49677443192.168.2.720.50.201.200
                                                                                                                                                                                                                        Feb 16, 2024 08:51:16.141071081 CET44349701180.95.234.204192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:16.141202927 CET49701443192.168.2.7180.95.234.204
                                                                                                                                                                                                                        Feb 16, 2024 08:51:16.147456884 CET49701443192.168.2.7180.95.234.204
                                                                                                                                                                                                                        Feb 16, 2024 08:51:16.147471905 CET44349701180.95.234.204192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:16.147866011 CET44349701180.95.234.204192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:16.147924900 CET49701443192.168.2.7180.95.234.204
                                                                                                                                                                                                                        Feb 16, 2024 08:51:16.148411036 CET49701443192.168.2.7180.95.234.204
                                                                                                                                                                                                                        Feb 16, 2024 08:51:16.189902067 CET44349701180.95.234.204192.168.2.7
                                                                                                                                                                                                                        Feb 16, 2024 08:51:16.979454994 CET44349701180.95.234.204192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.103861094 CET192.168.2.71.1.1.10x63b2Standard query (0)cdn-go.cnA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.104223967 CET192.168.2.71.1.1.10xc257Standard query (0)cdn-go.cn65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.316148996 CET192.168.2.71.1.1.10x4c19Standard query (0)otheve.beacon.qq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.316595078 CET192.168.2.71.1.1.10x9066Standard query (0)otheve.beacon.qq.com65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:40.109414101 CET192.168.2.71.1.1.10x7509Standard query (0)im.qq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:40.110097885 CET192.168.2.71.1.1.10xe986Standard query (0)im.qq.com65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:44.216911077 CET192.168.2.71.1.1.10x1a12Standard query (0)static-res.qq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:44.217252970 CET192.168.2.71.1.1.10xa935Standard query (0)static-res.qq.com65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:44.726620913 CET192.168.2.71.1.1.10xf87eStandard query (0)aegis.qq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:44.726959944 CET192.168.2.71.1.1.10xe8aStandard query (0)aegis.qq.com65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:45.181173086 CET192.168.2.71.1.1.10xd30dStandard query (0)qq-web.cdn-go.cnA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:45.181452036 CET192.168.2.71.1.1.10x8285Standard query (0)qq-web.cdn-go.cn65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:45.713759899 CET192.168.2.71.1.1.10xb1aaStandard query (0)static-res.qq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:45.713947058 CET192.168.2.71.1.1.10x7ef4Standard query (0)static-res.qq.com65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:45.878310919 CET192.168.2.71.1.1.10xd0fcStandard query (0)t.captcha.qq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:46.816330910 CET192.168.2.71.1.1.10x155fStandard query (0)otheve.beacon.qq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:46.816606045 CET192.168.2.71.1.1.10xcf04Standard query (0)otheve.beacon.qq.com65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:56.665870905 CET192.168.2.71.1.1.10x577eStandard query (0)vm.gtimg.cnA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:56.666073084 CET192.168.2.71.1.1.10xa9c3Standard query (0)vm.gtimg.cn65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:02.925127983 CET192.168.2.71.1.1.10x3776Standard query (0)h.trace.qq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:02.927557945 CET192.168.2.71.1.1.10x3348Standard query (0)h.trace.qq.com65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:02.928697109 CET192.168.2.71.1.1.10x4ea5Standard query (0)t.captcha.qq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:04.303879023 CET192.168.2.71.1.1.10xcaf0Standard query (0)h.trace.qq.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:04.304091930 CET192.168.2.71.1.1.10x4a2bStandard query (0)h.trace.qq.com65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:14.736228943 CET192.168.2.71.1.1.10xb858Standard query (0)qzonestyle.gtimg.cnA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:14.736460924 CET192.168.2.71.1.1.10xc678Standard query (0)qzonestyle.gtimg.cn65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:18.414344072 CET192.168.2.71.1.1.10x92d1Standard query (0)qzonestyle.gtimg.cnA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:18.414556980 CET192.168.2.71.1.1.10xae33Standard query (0)qzonestyle.gtimg.cn65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:19.434726954 CET192.168.2.71.1.1.10x131dStandard query (0)qzonestyle.gtimg.cnA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:53:03.258500099 CET192.168.2.71.1.1.10xd202Standard query (0)clients1.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:53:03.258815050 CET192.168.2.71.1.1.10xf2ebStandard query (0)clients1.google.com65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:53:34.671001911 CET192.168.2.71.1.1.10x9d7cStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:53:34.671324968 CET192.168.2.71.1.1.10xabe2Standard query (0)www.google.com65IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                        Feb 16, 2024 08:51:32.085860014 CET1.1.1.1192.168.2.70x7eb7No error (0)ins-2n7ixenz.ias.tencent-cloud.net129.226.106.26A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:32.085860014 CET1.1.1.1192.168.2.70x7eb7No error (0)ins-2n7ixenz.ias.tencent-cloud.net129.226.107.149A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:33.518143892 CET1.1.1.1192.168.2.70x7038No error (0)im.qq.comins-azm2llib.ias.tencent-cloud.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:33.518143892 CET1.1.1.1192.168.2.70x7038No error (0)ins-azm2llib.ias.tencent-cloud.net43.129.115.202A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:33.518143892 CET1.1.1.1192.168.2.70x7038No error (0)ins-azm2llib.ias.tencent-cloud.net43.159.234.178A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:34.648907900 CET1.1.1.1192.168.2.70x9cb3No error (0)www.google.com142.251.41.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:34.649030924 CET1.1.1.1192.168.2.70x278aNo error (0)www.google.com65IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)qq-web.cdn-go.cnany.cdn-go.cn.tegsea.tc.qq.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)any.cdn-go.cn.tegsea.tc.qq.comweixin.cdn.ettdnsv.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)weixin.cdn.ettdnsv.comweixin.f1weixin.download.ettdnsv.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)weixin.f1weixin.download.ettdnsv.com119.28.165.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)weixin.f1weixin.download.ettdnsv.com101.33.17.56A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)weixin.f1weixin.download.ettdnsv.com101.33.17.58A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)weixin.f1weixin.download.ettdnsv.com119.28.164.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)weixin.f1weixin.download.ettdnsv.com119.28.164.32A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)weixin.f1weixin.download.ettdnsv.com119.28.164.221A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)weixin.f1weixin.download.ettdnsv.com101.33.17.48A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)weixin.f1weixin.download.ettdnsv.com119.28.165.15A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)weixin.f1weixin.download.ettdnsv.com101.33.17.47A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)weixin.f1weixin.download.ettdnsv.com203.205.137.139A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.314487934 CET1.1.1.1192.168.2.70x826aNo error (0)weixin.f1weixin.download.ettdnsv.com101.33.17.57A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.675743103 CET1.1.1.1192.168.2.70xf326No error (0)cdn-go.cncdn-go.cn.tegsea.tc.qq.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.675743103 CET1.1.1.1192.168.2.70xf326No error (0)cdn-go.cn.tegsea.tc.qq.com404801.d1.download.ettdnsv.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.675743103 CET1.1.1.1192.168.2.70xf326No error (0)404801.d1.download.ettdnsv.com211.152.148.32A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.675743103 CET1.1.1.1192.168.2.70xf326No error (0)404801.d1.download.ettdnsv.com211.152.149.37A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:35.675743103 CET1.1.1.1192.168.2.70xf326No error (0)404801.d1.download.ettdnsv.com211.152.148.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:37.630796909 CET1.1.1.1192.168.2.70x18e0No error (0)aegis.qq.com43.137.221.145A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.482150078 CET1.1.1.1192.168.2.70x364fNo error (0)v.qq.comp21ovs.tcdn.qq.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.482150078 CET1.1.1.1192.168.2.70x364fNo error (0)p21ovs.tcdn.qq.comssd.tcdn.qq.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.482150078 CET1.1.1.1192.168.2.70x364fNo error (0)ssd.tcdn.qq.com203.205.137.236A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)beacon.cdn.qq.combeacon.cdn.qq.com.cdn.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)beacon.cdn.qq.com.cdn.dnsv1.combest.ovslegodl.sched.ovscdns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com101.33.21.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com101.33.20.132A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com43.152.22.76A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com101.33.20.163A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com43.152.136.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com101.33.20.249A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com128.14.246.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com101.33.20.125A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com43.152.2.154A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com101.33.20.140A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com101.33.20.175A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com43.152.2.243A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com101.33.20.98A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:38.996612072 CET1.1.1.1192.168.2.70x51a8No error (0)best.ovslegodl.sched.ovscdns.com43.152.2.190A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)vm.gtimg.cnvm.gtimg.cn.cdn.dnsv1.com.cnCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)vm.gtimg.cn.cdn.dnsv1.com.cn301yjo64.sched.sma-dk.tdnsstic1.cnCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn116.148.161.158A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn42.177.83.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn113.194.51.51A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn61.243.13.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn60.220.213.207A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn42.177.83.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn113.201.158.139A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn42.177.83.87A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn42.177.83.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn42.177.83.214A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn116.148.161.141A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn42.177.83.63A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.391810894 CET1.1.1.1192.168.2.70x1c76No error (0)301yjo64.sched.sma-dk.tdnsstic1.cn42.177.83.225A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.404812098 CET1.1.1.1192.168.2.70x4c19No error (0)otheve.beacon.qq.comins-u4xprfqu.ias.tencent-cloud.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.404812098 CET1.1.1.1192.168.2.70x4c19No error (0)ins-u4xprfqu.ias.tencent-cloud.net129.226.106.210A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.404812098 CET1.1.1.1192.168.2.70x4c19No error (0)ins-u4xprfqu.ias.tencent-cloud.net129.226.103.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.725749969 CET1.1.1.1192.168.2.70x63b2No error (0)cdn-go.cncdn-go.cn.tegsea.tc.qq.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.725749969 CET1.1.1.1192.168.2.70x63b2No error (0)cdn-go.cn.tegsea.tc.qq.com404801.d1.download.ettdnsv.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.725749969 CET1.1.1.1192.168.2.70x63b2No error (0)404801.d1.download.ettdnsv.com211.152.148.45A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.725749969 CET1.1.1.1192.168.2.70x63b2No error (0)404801.d1.download.ettdnsv.com211.152.148.32A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:39.725749969 CET1.1.1.1192.168.2.70x63b2No error (0)404801.d1.download.ettdnsv.com211.152.149.37A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:40.267571926 CET1.1.1.1192.168.2.70x7509No error (0)im.qq.comins-azm2llib.ias.tencent-cloud.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:40.267571926 CET1.1.1.1192.168.2.70x7509No error (0)ins-azm2llib.ias.tencent-cloud.net43.129.115.202A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:40.267571926 CET1.1.1.1192.168.2.70x7509No error (0)ins-azm2llib.ias.tencent-cloud.net43.159.234.178A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:44.815273046 CET1.1.1.1192.168.2.70xf87eNo error (0)aegis.qq.com43.137.221.145A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:44.821607113 CET1.1.1.1192.168.2.70x1a12No error (0)static-res.qq.comstatic-res.qq.com.tegsea.tc.qq.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:44.821607113 CET1.1.1.1192.168.2.70x1a12No error (0)static-res.qq.com.tegsea.tc.qq.com404984.d1.download.ettdnsv.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:51:44.821607113 CET1.1.1.1192.168.2.70x1a12No error (0)404984.d1.download.ettdnsv.com211.152.148.32A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:19.999543905 CET1.1.1.1192.168.2.70x131dNo error (0)qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com36.250.242.227A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:19.999543905 CET1.1.1.1192.168.2.70x131dNo error (0)qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com61.241.148.229A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:19.999543905 CET1.1.1.1192.168.2.70x131dNo error (0)qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com221.204.209.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:19.999543905 CET1.1.1.1192.168.2.70x131dNo error (0)qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com180.95.234.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:19.999543905 CET1.1.1.1192.168.2.70x131dNo error (0)qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com36.250.242.245A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:19.999543905 CET1.1.1.1192.168.2.70x131dNo error (0)qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com221.204.209.188A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:52:19.999543905 CET1.1.1.1192.168.2.70x131dNo error (0)qzonestyle.gtimg.cn.sched.legopic2.tdnsv6.com180.95.234.249A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:53:03.346451998 CET1.1.1.1192.168.2.70xd202No error (0)clients1.google.comclients.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:53:03.346451998 CET1.1.1.1192.168.2.70xd202No error (0)clients.l.google.com142.250.80.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:53:03.346795082 CET1.1.1.1192.168.2.70xf2ebNo error (0)clients1.google.comclients.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:53:34.759202003 CET1.1.1.1192.168.2.70x9d7cNo error (0)www.google.com142.251.40.132A (IP address)IN (0x0001)false
                                                                                                                                                                                                                        Feb 16, 2024 08:53:34.759233952 CET1.1.1.1192.168.2.70xabe2No error (0)www.google.com65IN (0x0001)false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49699 | 129.226.103.162 | 80 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
Feb 16, 2024 08:51:11.804208994 CET | 508 | OUT | GET /cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ui.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
Feb 16, 2024 08:51:12.116010904 CET | 538 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                        Server: stgw
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:11 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Location: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>stgw</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49740 | 129.226.107.134 | 80 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Feb 16, 2024 08:51:31.106204987 CET | 472 | OUT | GET /p?k=zf9HFO9edW8NQ5ZR*h8OHbclJ87PJCpe&f=21000124 HTTP/1.1
                                                                                                                                                                                                                        Host: txz.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
Feb 16, 2024 08:51:31.413256884 CET | 370 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                        Server: stgw
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:31 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Location: https://txz.qq.com/p?k=zf9HFO9edW8NQ5ZR*h8OHbclJ87PJCpe&f=21000124
                                                                                                                                                                                                                        Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>stgw</center></body></html>
Feb 16, 2024 08:52:16.424408913 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                        Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49786 | 43.129.115.202 | 80 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Feb 16, 2024 08:51:40.670094013 CET | 485 | OUT | GET /index/ HTTP/1.1
                                                                                                                                                                                                                        Host: im.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: tgw_l7_route=64fb0a5a1e6bde98b2cf602a7e28e948
Feb 16, 2024 08:51:40.966888905 CET | 328 | IN | HTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                        Server: stgw
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:40 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 137
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Location: https://im.qq.com/index/
                                                                                                                                                                                                                        Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>stgw</center></body></html>
Feb 16, 2024 08:52:25.972548962 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                        Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49739 | 129.226.107.134 | 80 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Feb 16, 2024 08:52:16.120392084 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                        Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49742 | 129.226.107.134 | 80 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Feb 16, 2024 08:52:16.280318975 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                        Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49785 | 43.129.115.202 | 80 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
Feb 16, 2024 08:52:25.624547005 CET | 6 | OUT | Data Raw: 00
                                                                                                                                                                                                                        Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49700 | 129.226.103.162 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:13 UTC | 508 | OUT | GET /cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Host: ui.ptlogin2.qq.com
                                                                                                                                                                                                                        2024-02-16 07:51:13 UTC864INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:13 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 101281
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: QZHTTP-2.38.41
                                                                                                                                                                                                                        P3P: CP="CAO PSA OUR"
                                                                                                                                                                                                                        Cache-Control: max-age=600
                                                                                                                                                                                                                        Set-Cookie: pt_user_id=4642354890204111326; EXPIRES=Mon, 13-Feb-2034 07:51:13 GMT; PATH=/; DOMAIN=ui.ptlogin2.qq.com; SameSite=None; Secure
                                                                                                                                                                                                                        Set-Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; PATH=/; DOMAIN=ptlogin2.qq.com; SameSite=None; Secure
                                                                                                                                                                                                                        Set-Cookie: pt_clientip=9641bf60e3def13a; PATH=/; DOMAIN=ptlogin2.qq.com; SameSite=None; Secure
                                                                                                                                                                                                                        Set-Cookie: pt_serverip=be0d7f000001db6b; PATH=/; DOMAIN=ptlogin2.qq.com; SameSite=None; Secure
                                                                                                                                                                                                                        Set-Cookie: ptui_identifier=000D02B1A2FFAC087EC057F44029A20133D6E2DFEAF8D23229A81028C3; PATH=/; DOMAIN=ui.ptlogin2.qq.com; SameSite=None; Secure
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49701 | 180.95.234.204 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:16 UTC | 578 | OUT | GET /ptlogin/v4/style/40/images/logo.png HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: imgcache.qq.com
Connection: Keep-Alive
2024-02-16 07:51:16 UTC | 832 | IN | HTTP/1.1 200 OK
Last-Modified: Thu, 03 Nov 2022 03:14:50 GMT
Content-Type: image/png
X-DataSrc: 9
X-ReqGue: 0
Cache-Control: max-age=2592000
Age: 865785
Content-Length: 1190
Accept-Ranges: bytes
X-NWS-LOG-UUID: 18108984676201921864
Connection: close
Server: Lego Server
Date: Fri, 16 Feb 2024 07:51:16 GMT
X-Cache-Lookup: Cache Hit
Timing-Allow-Origin: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com
Access-Control-Allow-Origin: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com
Vary: Accept


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49702 | 203.205.136.80 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:17 UTC | 613 | OUT | GET /any.ptlogin2.qq.com/v1.48.1/ptlogin/v4/style/theme/theme_0.css HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: qq-web-legacy.cdn-go.cn
Connection: Keep-Alive
2024-02-16 07:51:18 UTC | 624 | IN | HTTP/1.1 200 OK
Last-Modified: Wed, 15 Nov 2023 02:30:20 GMT
Etag: "410e0d065899b7a313a1b47fe1d4bb9f"
Content-Type: text/css
Date: Wed, 15 Nov 2023 06:36:06 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 6070193590626324689
x-cos-request-id: NjU1NDY2ZDZfN2NmNzRjMGJfNWM0NV9kNWJmYzNj
x-cos-storage-class: MAZ_STANDARD
x-cos-version-id: MTg0NDUwNDQwNTgyODg1ODI3MDc
Content-Length: 121
Accept-Ranges: bytes
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 16120886653783826357
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Hit
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Vary: User-Agent,Origin
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        2024-02-16 07:51:18 UTC121INData Raw: 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 46 46 46 7d 2e 71 6c 6f 67 69 6e 20 2e 66 61 63 65 20 2e 6e 69 63 6b 2c 2e 71 6c 6f 67 69 6e 5f 6c 69 73 74 20 2e 72 65 74 75 72 6e 7b 77 69 64 74 68 3a 31 30 30 25 7d 2e 71 6c 6f 67 69 6e 20 2e 71 72 5f 31 20 2e 71 72 5f 69 6e 76 61 6c 69 64 5f 74 69 70 73 7b 63 6f 6c 6f 72 3a 23 46 46 46 7d
                                                                                                                                                                                                                        Data Ascii: body{background-color:#FFF}.qlogin .face .nick,.qlogin_list .return{width:100%}.qlogin .qr_1 .qr_invalid_tips{color:#FFF}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.7 | 49710 | 129.226.103.162 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:22 UTC | 832 | OUT | GET /style/11/images/icon_24_c_3.png HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: ui.ptlogin2.qq.com
Connection: Keep-Alive
Cookie: pt_user_id=4642354890204111326; ptui_identifier=000D02B1A2FFAC087EC057F44029A20133D6E2DFEAF8D23229A81028C3; pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b
2024-02-16 07:51:23 UTC | 270 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:51:23 GMT
Content-Type: image/png
Content-Length: 9532
Connection: close
Server: QZHTTP-2.38.41
Last-Modified: Wed, 15 Nov 2023 02:30:11 GMT
Cache-Control: public; max-age=86400
Expires: Sat, 17 Feb 2024 07:51:23 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.7 | 49707 | 203.205.136.80 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:22 UTC | 623 | OUT | GET /any.ptlogin2.qq.com/v1.48.1/ptlogin/v4/style/40/images/error_icon_ie.png HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: qq-web-legacy.cdn-go.cn
Connection: Keep-Alive
2024-02-16 07:51:23 UTC | 634 | IN | HTTP/1.1 200 OK
Last-Modified: Wed, 15 Nov 2023 02:30:21 GMT
Etag: "dd6f19337dd5a7ec79fb3566167d3100"
Content-Type: image/png
Date: Thu, 21 Dec 2023 06:17:42 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 12908737476952392719
x-cos-request-id: NjU4M2Q4ODVfMWIxNDc2MGJfMzhkYV8xM2M0ZmVhYw==
x-cos-storage-class: MAZ_STANDARD
x-cos-version-id: MTg0NDUwNDQwNTgyODg0MTcyODE
Content-Length: 394
Accept-Ranges: bytes
X-NWS-LOG-UUID: 7572113235443530527
Connection: close
X-Cache-Lookup: Cache Refresh Hit
Access-Control-Allow-Origin: *
Vary: User-Agent,Origin
Cache-Control: max-age=666
Is-Immutable-In-The-Future: false


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.7 | 49708 | 203.205.136.80 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:22 UTC | 620 | OUT | GET /any.ptlogin2.qq.com/v1.48.1/ptlogin/v4/style/40/images/go_left_ie.png HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: qq-web-legacy.cdn-go.cn
Connection: Keep-Alive
2024-02-16 07:51:23 UTC | 625 | IN | HTTP/1.1 200 OK
Last-Modified: Wed, 15 Nov 2023 02:30:21 GMT
Etag: "dc7fd3bb66140c9fb9312c190befeacd"
Content-Type: image/png
Date: Wed, 15 Nov 2023 06:55:03 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 1634144184227043324
x-cos-request-id: NjU1NDZiNDdfM2MyZTNkMGJfMjMyMGRfZDQ4OWQ5Ng==
x-cos-storage-class: MAZ_STANDARD
x-cos-version-id: MTg0NDUwNDQwNTgyODg0MTUyMjA
Content-Length: 488
Accept-Ranges: bytes
X-NWS-LOG-UUID: 1935492150572120472
Connection: close
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Vary: User-Agent,Origin
Cache-Control: max-age=666
Is-Immutable-In-The-Future: false
2024-02-16 07:51:23 UTC | 488 | IN | Data: PNG image bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.7 | 49709 | 180.95.234.204 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:22 UTC | 585 | OUT | GET /ptlogin/v4/style/40/images/onekey_tips.png HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: imgcache.qq.com
Connection: Keep-Alive
2024-02-16 07:51:23 UTC | 832 | IN | HTTP/1.1 200 OK
Last-Modified: Tue, 01 Nov 2022 22:23:30 GMT
Content-Type: image/png
X-DataSrc: 9
X-ReqGue: 0
Cache-Control: max-age=2592000
Age: 865791
Content-Length: 4223
Accept-Ranges: bytes
X-NWS-LOG-UUID: 18199409411557633705
Connection: close
Server: Lego Server
Date: Fri, 16 Feb 2024 07:51:23 GMT
X-Cache-Lookup: Cache Hit
Timing-Allow-Origin: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com
Access-Control-Allow-Origin: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com
Vary: Accept
2024-02-16 07:51:23 UTC | 4223 | IN | Data: PNG image bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49705 | 180.95.234.204 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:22 UTC | 585 | OUT | GET /ptlogin/v4/style/40/images/icon_3_tiny.png HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: imgcache.qq.com
Connection: Keep-Alive
2024-02-16 07:51:23 UTC | 832 | IN | HTTP/1.1 200 OK
Last-Modified: Wed, 02 Nov 2022 19:59:03 GMT
Content-Type: image/png
X-DataSrc: 9
X-ReqGue: 0
Cache-Control: max-age=2592000
Age: 865792
Content-Length: 10711
Accept-Ranges: bytes
X-NWS-LOG-UUID: 4744508647924739895
Connection: close
Server: Lego Server
Date: Fri, 16 Feb 2024 07:51:23 GMT
X-Cache-Lookup: Cache Hit
Timing-Allow-Origin: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com
Access-Control-Allow-Origin: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com
Vary: Accept
2024-02-16 07:51:23 UTC | 10711 | IN | Data: PNG image bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49711 | 23.51.58.94 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:23 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-02-16 07:51:23 UTC | 495 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (chd/073D)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-eus2-z1
Cache-Control: public, max-age=41668
Date: Fri, 16 Feb 2024 07:51:23 GMT
Connection: close
X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49714 | 23.51.58.94 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:23 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-02-16 07:51:23 UTC | 455 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (chd/0778)
X-CID: 11
Cache-Control: public, max-age=41625
Date: Fri, 16 Feb 2024 07:51:23 GMT
Content-Length: 55
Connection: close
X-CID: 2
2024-02-16 07:51:23 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 49712 | 203.205.136.80 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:23 UTC | 621 | OUT | GET /any.ptlogin2.qq.com/v1.48.1/ptlogin/v4/style/40/images/go_right_ie.png HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: qq-web-legacy.cdn-go.cn
Connection: Keep-Alive
2024-02-16 07:51:24 UTC | 626 | IN | HTTP/1.1 200 OK
Last-Modified: Wed, 15 Nov 2023 02:30:21 GMT
Etag: "faa4acec8888ecc3f7517cdf0b58530c"
Content-Type: image/png
Date: Sat, 23 Dec 2023 05:29:51 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 17143823528256864237
x-cos-request-id: NjU4NjcwNGZfN2QxMzAwYl8xMWQ5MF8xM2RmNGNkMA==
x-cos-storage-class: MAZ_STANDARD
x-cos-version-id: MTg0NDUwNDQwNTgyODg0MTM3OTU
Content-Length: 494
Accept-Ranges: bytes
X-NWS-LOG-UUID: 3674794319681516589
Connection: close
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Origin: *
Vary: User-Agent,Origin
Cache-Control: max-age=666
Is-Immutable-In-The-Future: false


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 49713 | 203.205.136.80 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:24 UTC | 602 | OUT | GET /any.ptlogin2.qq.com/v1.48.1/ptlogin/js/c_login_2.js HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: qq-web-legacy.cdn-go.cn
Connection: Keep-Alive
2024-02-16 07:51:25 UTC | 841 | IN | HTTP/1.1 200 OK
Last-Modified: Wed, 15 Nov 2023 02:30:20 GMT
Etag: "8a50869763c7bb96e157b849e9469367"
Content-Type: application/javascript
Date: Wed, 15 Nov 2023 06:30:58 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 8036533545221823656
x-cos-request-id: NjU1NDY1YTJfYzQ4ZDFiMDlfMWQxMzhfY2Y1NTk4MA==
x-cos-storage-class: MAZ_STANDARD
x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4MzZkMTZiZDQxYTg4MzRiMzIwYzRkYTRjMWFkNDM3YjQ=
x-cos-version-id: MTg0NDUwNDQwNTgyODg2ODM5NjQ
Content-Length: 213026
Accept-Ranges: bytes
X-NWS-LOG-UUID: 305053273117449055
Connection: close
X-Cache-Lookup: Cache Refresh Hit
Access-Control-Allow-Origin: *
Vary: User-Agent,Origin
Cache-Control: max-age=2592000
Is-Immutable-In-The-Future: true


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 49716 | 129.226.103.162 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:27 UTC | 894 | OUT | GET /style/0/images/load.gif HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ui.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_user_id=4642354890204111326; ptui_identifier=000D02B1A2FFAC087EC057F44029A20133D6E2DFEAF8D23229A81028C3; pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:27 UTC | 269 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:27 GMT
                                                                                                                                                                                                                        Content-Type: image/gif
                                                                                                                                                                                                                        Content-Length: 771
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: QZHTTP-2.38.41
                                                                                                                                                                                                                        Last-Modified: Tue, 18 Oct 2022 10:20:43 GMT
                                                                                                                                                                                                                        Cache-Control: public; max-age=86400
                                                                                                                                                                                                                        Expires: Sat, 17 Feb 2024 07:51:27 GMT
2024-02-16 07:51:27 UTC | 771 | IN
                                                                                                                                                                                                                        Data Ascii: GIF89awuly!NETSCAPE2.0!,O{Y`ID8+S(D(I~ H`ZfkNq;'L!,N{@1Q]AiN:)ST,b$?Q(0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 49717 | 129.226.103.162 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:27 UTC | 998 | OUT | GET /cross_proxy.html HTTP/1.1
                                                                                                                                                                                                                        Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ui.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_user_id=4642354890204111326; ptui_identifier=000D02B1A2FFAC087EC057F44029A20133D6E2DFEAF8D23229A81028C3; pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:27 UTC | 270 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:27 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 1765
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: QZHTTP-2.38.41
                                                                                                                                                                                                                        Last-Modified: Wed, 15 Nov 2023 02:30:11 GMT
                                                                                                                                                                                                                        Cache-Control: public; max-age=86400
                                                                                                                                                                                                                        Expires: Sat, 17 Feb 2024 07:51:27 GMT
2024-02-16 07:51:27 UTC | 1765 | IN
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>p


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 49718 | 203.205.136.80 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:27 UTC | 626 | OUT | GET /any.ptlogin2.qq.com/v1.48.1/ptlogin/v4/style/20/images/shouQ_v2/qr_tips.png HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: qq-web-legacy.cdn-go.cn
                                                                                                                                                                                                                        Connection: Keep-Alive
2024-02-16 07:51:27 UTC | 593 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                                        Content-Type: application/xml
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:43:00 GMT
                                                                                                                                                                                                                        Server: tencent-cos
                                                                                                                                                                                                                        x-cos-request-id: NjVjZjEyMDRfNjczNTJjMGJfMjEyYzRfNzk0MmY4ZQ==
                                                                                                                                                                                                                        x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWRlZDk5YzgyOTg0ZTg2ODA1ODFjOGY0MWFhYWFhOTdmZWZiMTE1MDY5YzA1ZGY5MzIyY2I1OTg3YjI4MDViMDI=
                                                                                                                                                                                                                        Content-Length: 511
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 1295915586044575746
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Hit
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Vary: User-Agent,Origin
                                                                                                                                                                                                                        Cache-Control: max-age=666
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: false
2024-02-16 07:51:27 UTC | 511 | IN
                                                                                                                                                                                                                        Data Ascii: <?xml version='1.0' encoding='utf-8' ?><Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Resource>/qq-web-legacy/any.ptlogin2.qq.com/v1.48.1/ptlogin/v4/style/20/images/shouQ_v2/qr_tips.png</Resource><RequestId>NjVj


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 49721 | 43.135.106.65 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:27 UTC | 703 | OUT | GET /report/007?app=qfingerprint-device-id&url=device-id%2Funsupport&type=1&httpcode=undefined&retcode=9999&cost=10086 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: report.qqweb.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:27 UTC | 264 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:27 GMT
                                                                                                                                                                                                                        Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Powered-By: TSW/Node.js
                                                                                                                                                                                                                        Server: TSW/1.4.3
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Mod-Map: report_007
                                                                                                                                                                                                                        Cache-Offline: false
2024-02-16 07:51:27 UTC | 32 | IN | Data Raw: 31 61 0d 0a 7b 22 63 6f 64 65 22 3a 30 2c 22 6d 73 67 22 3a 22 73 75 63 63 65 73 73 22 7d 0d 0a
                                                                                                                                                                                                                        Data Ascii: 1a{"code":0,"msg":"success"}
2024-02-16 07:51:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 49723 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:27 UTC | 908 | OUT | GET /ptqrshow?appid=21000124&e=2&l=M&s=3&d=72&v=4&t=0.07547320607663266&daid=8&pt_3rd_aid=0&u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:28 UTC | 481 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:28 GMT
                                                                                                                                                                                                                        Content-Length: 444
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        P3P: CP=CAO PSA OUR
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                        Set-Cookie: qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28;Path=/;Domain=ptlogin2.qq.com;Secure;SameSite=None;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 49724 | 129.226.103.162 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:28 UTC | 896 | OUT | GET /cgi-bin/report?id=2732844 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ui.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_user_id=4642354890204111326; ptui_identifier=000D02B1A2FFAC087EC057F44029A20133D6E2DFEAF8D23229A81028C3; pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:28 UTC | 205 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:28 GMT
                                                                                                                                                                                                                        Content-Type: image/bmp;
                                                                                                                                                                                                                        Content-Length: 66
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: QZHTTP-2.38.41
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Cache-Control: no-cache; must-revalidate
2024-02-16 07:51:28 UTC | 66 | IN | Data Raw: 42 4d 42 00 00 00 00 00 00 00 3e 00 00 00 28 00 00 00 01 00 00 00 01 00 00 00 01 00 01 00 00 00 00 00 04 00 00 00 c3 0e 00 00 c3 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 80 00 00 00
                                                                                                                                                                                                                        Data Ascii: BMB>(


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 49725 | 52.165.165.26 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:29 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=h7TpwPWTnx9b8Nd&MD=UGSOSwfe HTTP/1.1
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                                        Host: slscr.update.microsoft.com
2024-02-16 07:51:29 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                                        ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                                                                                                                        MS-CorrelationId: a5c0f1dd-0c73-4de9-b678-7bee91a18dd1
                                                                                                                                                                                                                        MS-RequestId: 940a54de-f9b0-4481-b915-fc8541634457
                                                                                                                                                                                                                        MS-CV: E6oOvNfXM0isr2TZ.0
                                                                                                                                                                                                                        X-Microsoft-SLSClientCache: 2880
                                                                                                                                                                                                                        Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:28 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 49722 | 157.255.220.168 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:29 UTC | 600 | OUT | GET /TCaptcha.js HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.captcha.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:29 UTC | 249 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:29 GMT
                                                                                                                                                                                                                        Content-Type: text/javascript
                                                                                                                                                                                                                        Content-Length: 81536
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        P3P: CP=CAO PSA OUR
                                                                                                                                                                                                                        Server: Trpc httpd
                                                                                                                                                                                                                        Server: tencent http server
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        Cache-Control: max-age=600
                                                                                                                                                                                                                        Data Ascii: u96e3\uff0c\u5df2\u70ba\u4f60\u66f4\u63db\u984c\u76ee","\u7db2\u7d61\u505c\u9813\u4e86\u4e00\u4e0b(+)\uff0c\u518d\u8a66\u4e00\u6b21\u5427","appid\u6240\u5c6c\u5730\u57df\u8207\u5be6\u969b\u4f7f\u7528\u5730\u57df\u4e0d\u7b26\uff0c\u8acb\u806f\u7cfb\u9a57\u
                                                                                                                                                                                                                        2024-02-16 07:51:29 UTC4096INData Raw: 53 77 69 74 63 68 20 74 6f 20 53 74 61 6e 64 61 72 64 20 6d 6f 64 65 22 2c 22 54 6f 6f 20 64 69 66 66 69 63 75 6c 74 3f 20 53 77 69 74 63 68 20 74 6f 20 53 69 6d 70 6c 65 20 6d 6f 64 65 22 2c 22 46 65 65 64 62 61 63 6b 22 2c 22 54 72 79 20 61 20 6e 65 77 20 63 61 70 74 63 68 61 22 2c 22 49 6d 61 67 65 20 6c 6f 61 64 69 6e 67 20 66 61 69 6c 65 64 2e 20 43 6c 69 63 6b 20 74 6f 20 72 65 66 72 65 73 68 22 2c 22 56 65 72 69 66 69 63 61 74 69 6f 6e 20 70 61 73 73 65 64 22 2c 22 4e 65 74 77 6f 72 6b 20 74 69 6d 65 64 20 6f 75 74 2e 20 50 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 2e 22 2c 22 56 65 72 69 66 69 63 61 74 69 6f 6e 20 66 61 69 6c 65 64 2e 20 54 72 79 20 61 67 61 69 6e 2e 22 2c 22 4f 70 65 72 61 74 69 6f 6e 20 74 6f 6f 20 6f 66 74 65 6e 2e 20 50 6c
                                                                                                                                                                                                                        Data Ascii: Switch to Standard mode","Too difficult? Switch to Simple mode","Feedback","Try a new captcha","Image loading failed. Click to refresh","Verification passed","Network timed out. Please try again.","Verification failed. Try again.","Operation too often. Pl
                                                                                                                                                                                                                        2024-02-16 07:51:29 UTC176INData Raw: 74 61 72 64 65 2e 22 2c 22 4d 75 69 74 6f 20 64 69 66 5c 78 65 64 63 69 6c 3f 20 54 65 6e 74 65 20 6f 75 74 72 6f 22 2c 22 45 72 72 6f 20 64 65 20 72 65 64 65 20 28 2b 29 2e 20 54 65 6e 74 65 20 6e 6f 76 61 6d 65 6e 74 65 2e 22 2c 22 4f 20 41 70 70 49 44 20 6e 5c 78 65 33 6f 20 63 6f 72 72 65 73 70 6f 6e 64 65 20 61 6f 20 6c 6f 63 61 6c 20 72 65 61 6c 2e 20 45 6e 74 72 65 20 65 6d 20 63 6f 6e 74 61 74 6f 20 63 6f 6d 20 61 20 65 71 75 69 70 65 20 64 6f 20 43 61 70 74 63 68 61 2e 22 5d 2c 69 64 3a 5b 22 56 65 72 69 66 69 6b
                                                                                                                                                                                                                        Data Ascii: tarde.","Muito dif\xedcil? Tente outro","Erro de rede (+). Tente novamente.","O AppID n\xe3o corresponde ao local real. Entre em contato com a equipe do Captcha."],id:["Verifik
                                                                                                                                                                                                                        2024-02-16 07:51:29 UTC4096INData Raw: 61 73 69 22 2c 22 4b 65 6d 62 61 6c 69 22 2c 22 4d 6f 64 65 20 73 65 64 65 72 68 61 6e 61 22 2c 22 4d 6f 64 65 20 73 74 61 6e 64 61 72 22 2c 22 4f 6b 65 22 2c 22 4d 6f 64 65 20 73 65 64 65 72 68 61 6e 61 22 2c 22 4d 6f 64 65 20 73 74 61 6e 64 61 72 22 2c 22 4b 65 6c 75 61 72 20 76 65 72 69 66 69 6b 61 73 69 22 2c 22 42 65 72 61 6c 69 68 20 6b 65 20 6d 6f 64 65 20 53 74 61 6e 64 61 72 22 2c 22 54 65 72 6c 61 6c 75 20 73 75 6c 69 74 3f 20 42 65 72 61 6c 69 68 20 6b 65 20 6d 6f 64 65 20 53 65 64 65 72 68 61 6e 61 22 2c 22 4d 61 73 75 6b 61 6e 22 2c 22 43 6f 62 61 20 63 61 70 74 63 68 61 20 62 61 72 75 22 2c 22 47 61 6d 62 61 72 20 67 61 67 61 6c 20 64 69 6d 75 61 74 2e 20 4b 6c 69 6b 20 75 6e 74 75 6b 20 6d 65 72 65 66 72 65 73 68 22 2c 22 56 65 72 69 66 69
                                                                                                                                                                                                                        Data Ascii: asi","Kembali","Mode sederhana","Mode standar","Oke","Mode sederhana","Mode standar","Keluar verifikasi","Beralih ke mode Standar","Terlalu sulit? Beralih ke mode Sederhana","Masukan","Coba captcha baru","Gambar gagal dimuat. Klik untuk merefresh","Verifi
                                                                                                                                                                                                                        2024-02-16 07:51:29 UTC1600INData Raw: 62 5c 75 31 30 34 62 20 5c 75 31 30 31 62 5c 75 31 30 32 65 5c 75 31 30 31 36 5c 75 31 30 31 62 5c 75 31 30 30 30 5c 75 31 30 33 61 5c 75 31 30 31 62 5c 75 31 30 33 65 5c 75 31 30 33 61 5c 75 31 30 31 63 5c 75 31 30 32 66 5c 75 31 30 31 35 5c 75 31 30 33 61 5c 75 31 30 31 62 5c 75 31 30 31 34 5c 75 31 30 33 61 5c 75 31 30 31 34 5c 75 31 30 33 65 5c 75 31 30 32 64 5c 75 31 30 31 35 5c 75 31 30 33 61 22 2c 22 5c 75 31 30 32 31 5c 75 31 30 31 30 5c 75 31 30 30 61 5c 75 31 30 33 61 5c 75 31 30 31 35 5c 75 31 30 33 63 5c 75 31 30 32 66 5c 75 31 30 30 31 5c 75 31 30 33 63 5c 75 31 30 30 34 5c 75 31 30 33 61 5c 75 31 30 33 38 5c 75 31 30 32 31 5c 75 31 30 33 31 5c 75 31 30 32 63 5c 75 31 30 30 34 5c 75 31 30 33 61 22 2c 22 5c 75 31 30 30 30 5c 75 31 30 33 64 5c
                                                                                                                                                                                                                        Data Ascii: b\u104b \u101b\u102e\u1016\u101b\u1000\u103a\u101b\u103e\u103a\u101c\u102f\u1015\u103a\u101b\u1014\u103a\u1014\u103e\u102d\u1015\u103a","\u1021\u1010\u100a\u103a\u1015\u103c\u102f\u1001\u103c\u1004\u103a\u1038\u1021\u1031\u102c\u1004\u103a","\u1000\u103d\
                                                                                                                                                                                                                        2024-02-16 07:51:29 UTC4096INData Raw: 66 72 3a 5b 22 56 5c 78 65 39 72 69 66 69 63 61 74 69 6f 6e 22 2c 22 52 65 74 6f 75 72 22 2c 22 4d 6f 64 65 20 73 69 6d 70 6c 65 22 2c 22 4d 6f 64 65 20 73 74 61 6e 64 61 72 64 22 2c 22 4f 4b 22 2c 22 4d 6f 64 65 20 73 69 6d 70 6c 65 22 2c 22 4d 6f 64 65 20 73 74 61 6e 64 61 72 64 22 2c 22 41 72 72 5c 78 65 61 74 65 72 20 6c 61 20 76 5c 78 65 39 72 69 66 69 63 61 74 69 6f 6e 22 2c 22 50 61 73 73 65 7a 20 65 6e 20 6d 6f 64 65 20 73 74 61 6e 64 61 72 64 22 2c 22 54 72 6f 70 20 64 69 66 66 69 63 69 6c 65 5c 78 61 30 3f 20 50 61 73 73 65 7a 20 65 6e 20 6d 6f 64 65 20 73 69 6d 70 6c 65 22 2c 22 43 6f 6d 6d 65 6e 74 61 69 72 65 73 22 2c 22 45 73 73 61 79 65 7a 20 75 6e 20 6e 6f 75 76 65 61 75 20 63 61 70 74 63 68 61 22 2c 22 49 6d 61 67 65 20 6e 6f 6e 20 63 68
                                                                                                                                                                                                                        Data Ascii: fr:["V\xe9rification","Retour","Mode simple","Mode standard","OK","Mode simple","Mode standard","Arr\xeater la v\xe9rification","Passez en mode standard","Trop difficile\xa0? Passez en mode simple","Commentaires","Essayez un nouveau captcha","Image non ch


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 49734 | 142.251.32.110 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:30 UTC | 752 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                                                                                                                                                                                                        Host: clients2.google.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        X-Goog-Update-Interactivity: fg
                                                                                                                                                                                                                        X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                                                                                                                                                                                                                        X-Goog-Update-Updater: chromecrx-117.0.5938.134
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:30 UTC | 732 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-goujl2tLy-Y5xPU8cktj1g' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:30 GMT
                                                                                                                                                                                                                        Content-Type: text/xml; charset=UTF-8
                                                                                                                                                                                                                        X-Daynum: 6254
                                                                                                                                                                                                                        X-Daystart: 85890
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                        Server: GSE
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked
2024-02-16 07:51:30 UTC | 520 | IN | Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6254" elapsed_seconds="85890"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2024-02-16 07:51:30 UTC | 200 | IN | Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2024-02-16 07:51:30 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.7 | 49735 | 142.250.31.84 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:30 UTC | 680 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                                                                                                                                                                                                                        Host: accounts.google.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 1
                                                                                                                                                                                                                        Origin: https://www.google.com
                                                                                                                                                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: NID=511=nNadqW9uTcY0OP6I3afnr71o6EzaYLsdpW4UEYN3vYq_rbRrNFxM1jozPGuhjORBZKKMz2tdDpVe7dNuTWp4CyK-zt5Is6wVElveWAfKQgwNJiKKtXHCCCmrlgzZTl5CiKjTeA2iQqf6zlRK2h8wg1hVpIsWsaKqaWJyHMPF3JA
2024-02-16 07:51:30 UTC | 1 | OUT | Data Raw: 20 (a single space character)
2024-02-16 07:51:30 UTC | 1799 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                        Access-Control-Allow-Origin: https://www.google.com
                                                                                                                                                                                                                        Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:30 GMT
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-GfSsSlsrE_C4UgrFnEyx4g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                                                                                                                                                                                                        Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                                                                                                                                                                                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                                                                        reporting-endpoints: default="/_/IdentityListAccountsHttp/web-reports?context=eJzjMtDikmII1pBiOHxtB5Meyy0mIyCe2_2UaSEQH4x7znQUiHf4eLA4pc9gDQJiIR6OphV71rEJdDTPOcEEALPcFvQ"
                                                                                                                                                                                                                        Server: ESF
                                                                                                                                                                                                                        X-XSS-Protection: 0
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Accept-Ranges: none
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Transfer-Encoding: chunked
2024-02-16 07:51:30 UTC | 23 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
Data Ascii: 11["gaia.l.a.r",[]]
2024-02-16 07:51:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port
22 | 192.168.2.7 | 49736 | 104.98.116.138 | 443
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:30 UTC | 2205 | OUT | POST /threshold/xls.aspx HTTP/1.1
                                                                                                                                                                                                                        Origin: https://www.bing.com
                                                                                                                                                                                                                        Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Content-type: text/xml
                                                                                                                                                                                                                        X-Agent-DeviceId: 01000A4109005EFE
                                                                                                                                                                                                                        X-BM-CBT: 1696492382
                                                                                                                                                                                                                        X-BM-DateFormat: dd/MM/yyyy
                                                                                                                                                                                                                        X-BM-DeviceDimensions: 784x984
                                                                                                                                                                                                                        X-BM-DeviceDimensionsLogical: 784x984
                                                                                                                                                                                                                        X-BM-DeviceScale: 100
                                                                                                                                                                                                                        X-BM-DTZ: 60
                                                                                                                                                                                                                        X-BM-Market: CH
                                                                                                                                                                                                                        X-BM-Theme: 000000;0078d7
                                                                                                                                                                                                                        X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                                                                                                                                                                        X-Device-ClientSession: 7964DE11F2244989AF4CA95A808EA94C
                                                                                                                                                                                                                        X-Device-isOptin: false
                                                                                                                                                                                                                        X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                                                                                                                                                                        X-Device-OSSKU: 48
                                                                                                                                                                                                                        X-Device-Touch: false
                                                                                                                                                                                                                        X-DeviceID: 01000A4109005EFE
                                                                                                                                                                                                                        X-MSEdge-ExternalExp: bfbwsbcm0921cf,d-thshld42,websuganno_t2,wsbmsaqfuxt3,wsbqfasmsall_t,wsbqfminiserp500,wsbref-t,wsbuacf
                                                                                                                                                                                                                        X-MSEdge-ExternalExpType: JointCoord
                                                                                                                                                                                                                        X-PositionerType: Desktop
                                                                                                                                                                                                                        X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                                                                                                                                                                                        X-Search-CortanaAvailableCapabilities: None
                                                                                                                                                                                                                        X-Search-SafeSearch: Moderate
                                                                                                                                                                                                                        X-Search-TimeZone: Bias=0; DaylightBias=-60; TimeZoneKeyName=GMT Standard Time
                                                                                                                                                                                                                        X-UserAgeClass: Unknown
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                                                                                                                        Host: www.bing.com
                                                                                                                                                                                                                        Content-Length: 516
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Cookie: SRCHUID=V=2&GUID=19565074ACE142FCABAF0CDCC0DFAAEB&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&LUT=1696492216762&IPMH=45187fb8&IPMID=1696492382078&HV=1696492289; CortanaAppUID=FE52A12E95B5DF3DB5902D0602A16B66; MUID=A92BA4E78D2946A0AFDA5029FA43D7A8; _SS=SID=21E2F496C67F672E2F62E737C76966EF&CPID=1696492383022&AC=1&CPH=644b7eae; _EDGE_S=SID=21E2F496C67F672E2F62E737C76966EF; MUIDB=A92BA4E78D2946A0AFDA5029FA43D7A8
2024-02-16 07:51:30 UTC | 1 | OUT | Data Raw: 3c
Data Ascii: <
2024-02-16 07:51:30 UTC | 515 | OUT | Data Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 41 39 32 42 41 34 45 37 38 44 32 39 34 36 41 30 41 46 44 41 35 30 32 39 46 41 34 33 44 37 41 38 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 37 35 31 45 39 44 31 37 45 34 43 44 34 32 45 42 41 41 36 41 45 35 39 41 36 45 44 35 43 32 32 41 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49
                                                                                                                                                                                                                        Data Ascii: ClientInstRequest><CID>A92BA4E78D2946A0AFDA5029FA43D7A8</CID><Events><E><T>Event.ClientInst</T><IG>751E9D17E4CD42EBAA6AE59A6ED5C22A</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-02-16 07:51:31 UTC | 480 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                        X-MSEdge-Ref: Ref A: 637B0394AF0B412D8D2CDAF93E431187 Ref B: LAX311000111035 Ref C: 2024-02-16T07:51:31Z
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:31 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=93600
                                                                                                                                                                                                                        X-CDN-TraceID: 0.86746268.1708069891.116a9139


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.7 | 49741 | 43.152.136.177 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:31 UTC | 573 | OUT | GET /1/tcaptcha-frame.28d99140.js HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: captcha.gtimg.com
                                                                                                                                                                                                                        Connection: Keep-Alive
2024-02-16 07:51:31 UTC | 673 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Last-Modified: Tue, 23 Jan 2024 09:40:30 GMT
                                                                                                                                                                                                                        Etag: "706b3daf5cb9e7f198fd91c8ce9d727a"
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Date: Thu, 25 Jan 2024 16:08:02 GMT
                                                                                                                                                                                                                        Server: tencent-cos
                                                                                                                                                                                                                        Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
                                                                                                                                                                                                                        x-cos-hash-crc64ecma: 15199421889656475905
                                                                                                                                                                                                                        x-cos-request-id: NjViMjg3NjJfYWRmNDNjMGJfMjQxYWRfNDhiODdmZQ==
                                                                                                                                                                                                                        x-cos-storage-class: MAZ_STANDARD
                                                                                                                                                                                                                        x-cos-version-id: MTg0NDUwMzgwNzA4Nzg2ODc1MzQ
                                                                                                                                                                                                                        x-cosindex-replication-status: Complete
                                                                                                                                                                                                                        Content-Length: 169192
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 17511493730933382689
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Hit
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Data Ascii: 2d,r=e.sprite_pos,a=e.init_pos,n=e.spriteSize,o=0,s=0;return a&&(s=a[0]*t,o=a[1]*t),{bgPosLeft:-r[0]*t,bgPosTop:-r[1]*t,bgWidth:n[0]*t,bgHeight:n[1]*t,width:i[0]*t,height:i[1]*t,left:s,top:o}}function o(e,t){var i=n(e,t);return{backgroundPosition:i.bgPosL
                                                                                                                                                                                                                        2024-02-16 07:51:31 UTC16384INData Raw: 5a 71 49 70 34 66 56 37 71 58 55 43 51 70 2b 35 42 6b 4b 7a 63 48 6c 35 4f 56 59 65 73 4a 48 49 45 63 4a 4c 65 49 4a 52 6e 69 6a 71 5a 4a 79 35 4f 6e 35 2b 45 59 6b 36 77 68 4d 35 73 6d 55 4a 31 41 56 6d 38 4d 32 6e 7a 68 63 6b 6b 47 4c 46 76 56 56 35 77 72 62 62 4a 4b 68 71 73 53 58 79 5a 4d 73 51 77 4e 37 71 52 61 42 49 2b 41 52 31 53 44 77 39 50 59 57 69 4b 43 61 42 7a 4d 70 57 46 65 48 61 35 33 30 73 74 67 31 79 78 38 52 7a 7a 47 31 55 62 70 76 72 71 67 4b 4b 6a 46 52 56 69 2b 30 43 63 30 71 69 36 49 34 45 55 6a 4e 41 77 36 5a 4b 6f 71 79 46 62 59 70 45 34 73 41 6c 6f 4e 45 4e 73 4c 65 6d 76 4d 44 45 53 53 72 71 72 4b 70 37 55 4a 63 45 6e 55 36 5a 52 4b 62 54 47 56 69 63 70 45 4e 58 5a 38 77 61 2b 46 68 59 46 77 6b 64 6e 62 6b 67 36 36 64 30 4f 67 50
                                                                                                                                                                                                                        Data Ascii: ZqIp4fV7qXUCQp+5BkKzcHl5OVYesJHIEcJLeIJRnijqZJy5On5+EYk6whM5smUJ1AVm8M2nzhckkGLFvVV5wrbbJKhqsSXyZMsQwN7qRaBI+AR1SDw9PYWiKCaBzMpWFeHa530stg1yx8RzzG1UbpvrqgKKjFRVi+0Cc0qi6I4EUjNAw6ZKoqyFbYpE4sAloNENsLemvMDESSrqrKp7UJcEnU6ZRKbTGVicpENXZ8wa+FhYFwkdnbkg66d0OgP
                                                                                                                                                                                                                        2024-02-16 07:51:31 UTC16384INData Raw: 28 29 2c 54 3d 22 31 22 2c 22 31 22 29 3a 28 6e 75 6c 6c 3d 3d 3d 65 7c 7c 76 6f 69 64 20 30 3d 3d 3d 65 7c 7c 65 2e 74 65 72 6d 69 6e 61 74 65 28 29 2c 22 32 22 29 7d 63 61 74 63 68 28 74 29 7b 72 65 74 75 72 6e 22 32 22 7d 7d 2c 65 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 49 66 72 61 6d 65 53 72 63 4e 65 77 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 73 72 63 5f 31 29 72 65 74 75 72 6e 22 22 3b 76 61 72 20 74 3d 22 22 3b 74 3d 74 68 69 73 2e 6f 70 74 73 2e 64 6f 6d 61 69 6e 2b 22 2f 22 2b 65 2e 73 72 63 5f 31 2b 74 68 69 73 2e 6f 70 74 73 2e 70 61 72 61 6d 73 3b 76 61 72 20 69 3d 7b 73 65 73 73 3a 65 2e 73 65 73 73 2c 66 77 69 64 74 68 3a 74 68 69 73 2e 6f 70 74 73 2e 66 77 69 64 74 68 2c 73 69 64 3a 65 2e 73 69 64 2c 66 6f 72 63 65 73 74
                                                                                                                                                                                                                        Data Ascii: (),T="1","1"):(null===e||void 0===e||e.terminate(),"2")}catch(t){return"2"}},e.prototype.getIframeSrcNew=function(e){if(!e.src_1)return"";var t="";t=this.opts.domain+"/"+e.src_1+this.opts.params;var i={sess:e.sess,fwidth:this.opts.fwidth,sid:e.sid,forcest
                                                                                                                                                                                                                        2024-02-16 07:51:31 UTC16384INData Raw: 6c 3d 3d 3d 28 72 3d 74 68 69 73 2e 73 69 7a 65 53 43 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 72 3f 76 6f 69 64 20 30 3a 72 2e 68 65 69 67 68 74 29 2b 22 70 78 22 2c 77 69 64 74 68 3a 28 6e 75 6c 6c 3d 3d 3d 28 6e 3d 74 68 69 73 2e 73 69 7a 65 53 43 29 7c 7c 76 6f 69 64 20 30 3d 3d 3d 6e 3f 76 6f 69 64 20 30 3a 6e 2e 77 69 64 74 68 29 2b 22 70 78 22 2c 62 61 63 6b 67 72 6f 75 6e 64 3a 74 68 69 73 2e 69 6e 44 61 72 6b 4d 6f 64 65 3f 22 23 32 33 32 33 32 33 22 3a 22 23 66 66 66 22 7d 3b 61 5b 22 64 65 66 61 75 6c 74 22 5d 2e 43 53 53 28 6f 2c 73 29 3b 76 61 72 20 64 3d 74 68 69 73 2e 63 72 65 61 74 65 49 66 72 61 6d 65 57 72 61 70 70 65 72 28 6f 2c 74 2c 69 29 3b 74 68 69 73 2e 74 72 61 6e 73 66 6f 72 6d 45 6c 3d 64 2c 69 3f 28 75 2e 73 74 79 6c 65 64 54 79 70
                                                                                                                                                                                                                        Data Ascii: l===(r=this.sizeSC)||void 0===r?void 0:r.height)+"px",width:(null===(n=this.sizeSC)||void 0===n?void 0:n.width)+"px",background:this.inDarkMode?"#232323":"#fff"};a["default"].CSS(o,s);var d=this.createIframeWrapper(o,t,i);this.transformEl=d,i?(u.styledTyp
                                                                                                                                                                                                                        2024-02-16 07:51:31 UTC16384INData Raw: 28 74 68 69 73 2e 70 72 65 54 72 69 67 65 72 50 6f 69 6e 74 29 2c 74 68 69 73 2e 65 6c 65 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 74 29 2c 74 68 69 73 2e 69 6e 69 74 50 72 65 54 72 69 67 67 65 72 50 6f 69 6e 74 54 61 72 67 65 74 28 29 2c 74 68 69 73 2e 70 72 65 68 61 6e 64 6c 65 49 6e 69 74 43 62 3d 65 7d 2c 65 2e 70 72 6f 74 6f 74 79 70 65 2e 63 72 65 61 74 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 72 79 7b 76 61 72 20 69 3d 65 2e 70 72 65 6c 6f 61 64 54 65 6d 70 6c 61 74 65 7c 7c 6e 75 6c 6c 2c 72 3d 65 2e 73 69 7a 65 53 43 3b 74 68 69 73 2e 73 69 7a 65 53 43 3d 65 2e 73 69 7a 65 53 43 3b 76 61 72 20 61 3d 28 6e 75 6c 6c 3d 3d 3d 69 7c 7c 76 6f 69 64 20 30 3d 3d 3d 69 3f 76 6f 69 64 20 30 3a 69 2e 77 72 61 70 70 65 72 29 7c 7c 64 6f 63 75 6d 65
                                                                                                                                                                                                                        Data Ascii: (this.preTrigerPoint),this.ele.appendChild(t),this.initPreTriggerPointTarget(),this.prehandleInitCb=e},e.prototype.create=function(e,t){try{var i=e.preloadTemplate||null,r=e.sizeSC;this.sizeSC=e.sizeSC;var a=(null===i||void 0===i?void 0:i.wrapper)||docume


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.7 | 49743 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:31 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069890529&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: ssl.ptlogin2.qq.com
Connection: Keep-Alive
Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:32 UTC | 297 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:51:32 GMT
Content-Type: application/javascript
Content-Length: 51
Connection: close
Cache-Control: no-cache, no-store, must-revalidate
Expires: -1
Pragma: no-cache
Server: Tencent Login Server/2.0.0
Strict-Transport-Security: max-age=31536000
2024-02-16 07:51:32 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.7 | 49744 | 129.226.107.134 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:32 UTC | 700 | OUT | GET /p?k=zf9HFO9edW8NQ5ZR*h8OHbclJ87PJCpe&f=21000124 HTTP/1.1
Host: txz.qq.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:33 UTC | 189 | IN | HTTP/1.1 302 Moved Temporarily
Server: stgw
Date: Fri, 16 Feb 2024 07:51:33 GMT
Content-Type: text/html
Content-Length: 137
Connection: close
Location: https://im.qq.com/mobileqq/
2024-02-16 07:51:33 UTC | 137 | IN | Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 73 74 67 77 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>stgw</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.7 | 49745 | 129.226.106.26 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:33 UTC | 720 | OUT | GET /template/drag_ele.html HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: t.captcha.qq.com
Connection: Keep-Alive
Cookie: _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:33 UTC | 233 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:51:33 GMT
Content-Type: text/html
Content-Length: 63209
Connection: close
P3P: CP=CAO PSA OUR
Pragma: No-cache
Server: Trpc httpd
Server: tencent http server
Accept-Ranges: bytes
                                                                                                                                                                                                                        Data Ascii: ;-moz-animation:2s opacity2 0s infinite;-o-animation:2s opacity2 0s infinite;animation:2s opacity2 0s infinite}@-webkit-keyframes shake{10%,90%{-webkit-transform:translate3d(-1px,0,0);transform:translate3d(-1px,0,0)}20%,80%{-webkit-transform:translate3d(3
                                                                                                                                                                                                                        2024-02-16 07:51:33 UTC528INData Raw: 63 69 74 79 20 2e 35 73 3b 2d 6f 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 2e 35 73 3b 2d 6d 6f 7a 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 2e 35 73 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 2e 35 73 7d 2e 62 6f 64 79 2d 77 72 61 70 20 2e 74 63 2d 6f 70 65 72 61 2e 6f 70 65 72 61 2d 62 6f 72 64 65 72 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 66 33 66 33 66 33 7d 2e 62 6f 64 79 2d 77 72 61 70 20 2e 74 63 2d 6f 70 65 72 61 20 2e 74 63 2d 73 6c 69 64 65 72 2d 6e 6f 72 6d 61 6c 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 39 39 39 70 78 3b 62 6f 72 64 65 72 2d
                                                                                                                                                                                                                        Data Ascii: city .5s;-o-transition:opacity .5s;-moz-transition:opacity .5s;transition:opacity .5s}.body-wrap .tc-opera.opera-border{border:1px solid #f3f3f3}.body-wrap .tc-opera .tc-slider-normal{position:absolute;text-align:center;-webkit-border-radius:999px;border-
                                                                                                                                                                                                                        2024-02-16 07:51:33 UTC2848INData Raw: 69 64 65 72 2d 69 65 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 77 69 64 74 68 3a 36 38 70 78 3b 68 65 69 67 68 74 3a 33 38 70 78 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 62 6f 64 79 2d 77 72 61 70 20 2e 74 63 2d 6f 70 65 72 61 20 2e 74 63 2d 73 6c 69 64 65 72 2d 69 65 20 2e 74 63 2d 69 63 6f 6e 66 6f 6e 74 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 74 63 61 70 69 63 6f 6e 3b 66 6f 6e 74 2d 73 69 7a 65 3a 39 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 7a 6f 6f 6d 3a 31 3b 66 69 6c 6c 3a 23 31 61 37 39 66 66 3b 63 6f 6c 6f 72 3a 23 30 30 37 61 66 66 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 2d 32 36 70 78
                                                                                                                                                                                                                        Data Ascii: ider-ie{position:absolute;width:68px;height:38px;display:block}.body-wrap .tc-opera .tc-slider-ie .tc-iconfont-btn{background-color:transparent;font-family:tcapicon;font-size:90px;line-height:1;zoom:1;fill:#1a79ff;color:#007aff;position:absolute;top:-26px
                                                                                                                                                                                                                        2024-02-16 07:51:33 UTC2848INData Raw: 7d 2e 62 6f 64 79 2d 77 72 61 70 20 2e 74 63 2d 66 61 69 6c 20 2e 74 63 2d 66 61 69 6c 2d 74 65 78 74 7b 63 6f 6c 6f 72 3a 23 39 39 39 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 36 36 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 32 35 25 7d 2e 62 6f 64 79 2d 77 72 61 70 20 2e 74 63 2d 66 61 69 6c 20 2e 74 63 2d 66 61 69 6c 2d 62 74 6e 7b 77 69 64 74 68 3a 34 34 70 78 3b 68 65 69 67 68 74 3a 32 38 70 78 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 61 75 74 6f 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 45 51 41 41 41 41 75 43
                                                                                                                                                                                                                        Data Ascii: }.body-wrap .tc-fail .tc-fail-text{color:#999;font-size:15px;text-align:center;padding-top:66px;padding-top:25%}.body-wrap .tc-fail .tc-fail-btn{width:44px;height:28px;margin:10px auto;background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEQAAAAuC
                                                                                                                                                                                                                        2024-02-16 07:51:33 UTC2848INData Raw: 32 34 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 2e 36 36 37 72 65 6d 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 7d 2e 62 6f 64 79 2d 77 72 61 70 20 2e 61 67 65 64 2d 69 63 6f 6e 2e 73 68 6f 77 2c 2e 62 6f 64 79 2d 77 72 61 70 20 2e 6e 6f 72 6d 61 6c 2d 76 65 72 69 66 79 2d 69 63 6f 6e 2e 73 68 6f 77 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 62 6f 64 79 2d 77 72 61 70 20 2e 74 63 2d 61 63 74 69 6f 6e 2e 74 63 2d 61 63 74 69 6f 6e 2d 2d 61 67 65 64 2c 2e 62 6f 64 79 2d 77 72 61 70 20 2e 74 63 2d 61 63 74 69 6f 6e 2e 74 63 2d 61 63 74 69 6f 6e 2d 2d 6e 6f 72 6d 61 6c 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7d 2e 62 6f 64 79 2d 77 72 61 70 20 2e 74 63 2d 61 63 74 69 6f 6e 2e 74 63 2d 61 63 74 69 6f 6e 2d 2d 61 67
                                                                                                                                                                                                                        Data Ascii: 24px;line-height:.667rem;vertical-align:top}.body-wrap .aged-icon.show,.body-wrap .normal-verify-icon.show{display:block}.body-wrap .tc-action.tc-action--aged,.body-wrap .tc-action.tc-action--normal{display:inline-block}.body-wrap .tc-action.tc-action--ag
                                                                                                                                                                                                                        2024-02-16 07:51:33 UTC1424INData Raw: 68 3a 32 36 32 70 78 3b 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 7d 2e 74 79 70 65 2d 65 6d 62 65 64 20 2e 74 63 2d 63 61 70 74 63 68 61 20 2e 62 6f 64 79 2d 77 72 61 70 20 2e 74 63 2d 61 63 74 69 6f 6e 2d 2d 63 6c 6f 73 65 2c 2e 74 79 70 65 2d 70 6f 70 75 70 20 2e 74 63 2d 63 61 70 74 63 68 61 20 2e 62 6f 64 79 2d 77 72 61 70 20 2e 74 63 2d 61 63 74 69 6f 6e 2d 2d 63 6c 6f 73 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 74 6f 70 3a 31 30 70 78 3b 74 6f 70 3a 2e 32 37 38 72 65 6d 3b 72 69 67 68 74 3a 31 30 70 78 3b 72 69 67 68 74 3a 2e 32 37 38 72 65 6d 7d 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 33 33 30 70 78 29 7b 2e 62 6f 64 79 2d 77 72 61 70 20 2e 74 63 2d 74 69 74 6c
                                                                                                                                                                                                                        Data Ascii: h:262px;left:0;padding-left:0}.type-embed .tc-captcha .body-wrap .tc-action--close,.type-popup .tc-captcha .body-wrap .tc-action--close{display:block;position:fixed;top:10px;top:.278rem;right:10px;right:.278rem}@media (max-width:330px){.body-wrap .tc-titl
                                                                                                                                                                                                                        2024-02-16 07:51:33 UTC2672INData Raw: 68 74 2d 74 6f 2d 6c 65 66 74 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 72 69 67 68 74 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 74 79 70 65 2d 70 6f 70 75 70 20 2e 62 6f 64 79 2d 77 72 61 70 20 2e 74 63 2d 74 69 74 6c 65 2d 77 72 61 70 7b 74 65 78 74 2d 73 68 61 64 6f 77 3a 31 70 78 20 31 70 78 20 32 70 78 20 23 64 33 64 33 64 33 7d 2e 68 6f 76 65 72 2d 74 69 70 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 32 32 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 70 61 64 64 69 6e 67 3a 33 70 78 20 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 2d 77 65 62 6b 69 74 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 70 78 3b 7a 2d 69 6e
                                                                                                                                                                                                                        Data Ascii: ht-to-left{display:block!important;text-align:right!important}.type-popup .body-wrap .tc-title-wrap{text-shadow:1px 1px 2px #d3d3d3}.hover-tip{background-color:#222;color:#fff;padding:3px 5px;position:fixed;-webkit-border-radius:3px;border-radius:3px;z-in


Session ID: 27, Source IP: 192.168.2.7, Source Port: 49749, Destination IP: 129.226.103.162, Destination Port: 443, PID: 2960, Process: C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe

Timestamp: 2024-02-16 07:51:34 UTC, Bytes transferred: 1032, Direction: OUT, Data:
GET /js/c_login_2.js?v=v1.48.1 HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: ui.ptlogin2.qq.com
Connection: Keep-Alive
Cookie: pt_user_id=4642354890204111326; ptui_identifier=000D02B1A2FFAC087EC057F44029A20133D6E2DFEAF8D23229A81028C3; pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943

Timestamp: 2024-02-16 07:51:34 UTC, Bytes transferred: 287, Direction: IN, Data:
HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:51:34 GMT
Content-Type: application/x-javascript
Content-Length: 213026
Connection: close
Server: QZHTTP-2.38.41
Last-Modified: Wed, 15 Nov 2023 02:30:09 GMT
Cache-Control: public; max-age=86400
Expires: Sat, 17 Feb 2024 07:51:34 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.7 | 49752 | 43.152.136.177 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:34 UTC | 378 | OUT | GET /1/dy-ele.b2eedcdd.js HTTP/1.1
Accept: */*
Referer: https://t.captcha.qq.com/template/drag_ele.html
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: captcha.gtimg.com
Connection: Keep-Alive
2024-02-16 07:51:34 UTC | 890 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Last-Modified: Thu, 01 Feb 2024 02:31:43 GMT
                                                                                                                                                                                                                        Etag: "6971992c672b34568dca8f57414037f3"
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Date: Fri, 02 Feb 2024 16:30:21 GMT
                                                                                                                                                                                                                        Server: tencent-cos
                                                                                                                                                                                                                        Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
                                                                                                                                                                                                                        x-cos-hash-crc64ecma: 2367685738240469391
                                                                                                                                                                                                                        x-cos-request-id: NjViZDE4OWRfMTc4ZGMwMWVfMTc1N2ZfZTk3YjIw
                                                                                                                                                                                                                        x-cos-storage-class: MAZ_STANDARD
                                                                                                                                                                                                                        x-cos-trace-id: OGVmYzZiMmQzYjA2OWNhODk0NTRkMTBiOWVmMDAxODc0OWRkZjk0ZDM1NmI1M2E2MTRlY2MzZDhmNmI5MWI1OWE4OGMxZjNjY2JiNTBmMTVmMWY1MzAzYzkyZGQ2ZWM4Mzg4NGU3YTZkZjZlMDQzZTZmMWE5NjBlMmRiZDc4OTE=
                                                                                                                                                                                                                        x-cos-version-id: MTg0NDUwMzczMTkwMDU3OTI2MjI
                                                                                                                                                                                                                        x-cosindex-replication-status: Complete
                                                                                                                                                                                                                        Content-Length: 167405
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 12640636978863987546
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Hit
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Cache-Control: max-age=2592000


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.7 | 49751 | 43.152.136.177 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:34 UTC | 368 | OUT | GET /1/dy-jy.js HTTP/1.1
Accept: */*
Referer: https://t.captcha.qq.com/template/drag_ele.html
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: captcha.gtimg.com
Connection: Keep-Alive
2024-02-16 07:51:34 UTC | 693 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Last-Modified: Tue, 10 Jan 2023 08:26:54 GMT
                                                                                                                                                                                                                        Etag: "303dbb4b8a1e11044ed428151f047b12"
                                                                                                                                                                                                                        Content-Type: text/javascript
                                                                                                                                                                                                                        Date: Sat, 10 Feb 2024 12:33:21 GMT
                                                                                                                                                                                                                        Server: tencent-cos
                                                                                                                                                                                                                        Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
                                                                                                                                                                                                                        x-cos-hash-crc64ecma: 17706959839496341509
                                                                                                                                                                                                                        x-cos-request-id: NjVjNzZkMTFfMmEzNTQwMGJfZjg0M182Y2QxMTM2
                                                                                                                                                                                                                        x-cos-storage-class: MAZ_STANDARD
                                                                                                                                                                                                                        x-cos-version-id: MTg0NDUwNzA3MzQ0OTUxODA5Mjk
                                                                                                                                                                                                                        x-cosindex-replication-status: Complete
                                                                                                                                                                                                                        Content-Length: 97336
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 11534263392782066058
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Hit
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Cache-Control: max-age=2592000


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.7 | 49750 | 43.129.115.202 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:34 UTC | 661 | OUT | GET /mobileqq/ HTTP/1.1
                                                                                                                                                                                                                        Host: im.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-User: ?1
                                                                                                                                                                                                                        Sec-Fetch-Dest: document
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:34 UTC | 446 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:34 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 4387
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=64fb0a5a1e6bde98b2cf602a7e28e948; Expires=Fri, 16-Feb-2024 08:21:34 GMT; Path=/
                                                                                                                                                                                                                        Server: openresty/1.16.1.1
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Last-Modified: Thu, 08 Feb 2024 02:14:31 GMT
                                                                                                                                                                                                                        ETag: "65c43907-1123"
                                                                                                                                                                                                                        Cache-Control: max-age=600
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        x-request-time: 0.001
                                                                                                                                                                                                                        x-whistle-client-id: -,
2024-02-16 07:51:34 UTC | 2503 | IN | Data Ascii: <!doctype html><html lang=""><head><meta charset="utf-8"/><meta name="Copyright" content="Tencent"/><meta http-equiv="X-UA-Compatible" content="ie=edge"/><meta name="keywords" content="QQ2023,QQ2023,QQ24,QQ9,QQ
2024-02-16 07:51:34 UTC | 1884 | IN | Data Ascii: 2585.js"></script><script defer="defer" type="module" src="https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/js/other-chunk.ddf042d1.js"></script><script defer="defer" type="module" src="https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/js/chunk-vendors.e3b9a


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.7 | 49753 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:34 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069893516&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:35 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:35 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:51:35 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.7 | 49765 | 211.152.148.32 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:36 UTC | 537 | OUT | GET /aegis/aegis-sdk/latest/aegis.min.js HTTP/1.1
                                                                                                                                                                                                                        Host: cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:36 UTC | 481 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:36 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 68901
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=666
                                                                                                                                                                                                                        Expires: Fri, 16 Feb 2024 08:02:41 GMT
                                                                                                                                                                                                                        Last-Modified: Thu, 18 Jan 2024 04:18:18 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 9261f712-b5ef-4e7e-86c1-9ec665a055ce
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: false
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.7 | 49760 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:36 UTC | 580 | OUT | GET /im.qq.com_new/de9c920b/js/vue-chunk.bc9c2585.js HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Origin: https://im.qq.com
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: script
Referer: https://im.qq.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:36 UTC | 485 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:36 GMT
Content-Type: application/javascript
Content-Length: 139706
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:36 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 25e97a50-d19b-4a18-bc55-76dd33d9aaac
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.7 | 49763 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:36 UTC | 574 | OUT | GET /im.qq.com_new/de9c920b/css/other-chunk.b343dd17.css HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: style
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:37 UTC | 904 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:37 GMT
                                                                                                                                                                                                                        Content-Type: text/css
                                                                                                                                                                                                                        Content-Length: 14224
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:37 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: f3d09015e46271b3aa5a3f36b41c5ff7
                                                                                                                                                                                                                        ETag: "549a976efb6e4679ed06f748da789657"
                                                                                                                                                                                                                        x-cos-hash-crc64ecma: 9524798913488099887
                                                                                                                                                                                                                        x-cos-request-id: NjViOWYyODhfNGVlYzRjMGJfMTEyOGVfNTM5YWYyNA==
                                                                                                                                                                                                                        x-cos-storage-class: MAZ_STANDARD
                                                                                                                                                                                                                        x-cos-version-id: MTg0NDUwMzc0MDIyNjM2ODcxNzI
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Hit
                                                                                                                                                                                                                        X-NWS-LOG-UUID: bace4852-bfba-46ab-bc7c-2b0551735652
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        x-sername: cdn-go.cn
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
2024-02-16 07:51:37 UTC | 14224 | IN
                                                                                                                                                                                                                        Data Ascii: .q-share-picture{color:#666}.q-share-picture__img{position:absolute;width:253px}.q-share-picture__panel{background-color:var(--bg_top_light,#fff)}.q-share-picture__title{display:flex;justify-content:space-between;align-items:center;padding:16px;padding-ri


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.7 | 49761 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:36 UTC | 576 | OUT | GET /im.qq.com_new/de9c920b/css/chunk-vendors.120b3a4b.css HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: style
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:36 UTC | 623 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:36 GMT
                                                                                                                                                                                                                        Content-Type: text/css
                                                                                                                                                                                                                        Content-Length: 884
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:36 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 491be89711ba59791335b51f10c8bda1
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 60aeebfc-330a-4d3b-a7bd-4483fded1457
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
2024-02-16 07:51:36 UTC | 884 | IN
                                                                                                                                                                                                                        Data Ascii: a,address,b,blockquote,body,div,em,fieldset,form,h1,h2,h3,h4,h5,h6,html,i,iframe,img,label,legend,li,ol,p,s,span,table,tbody,td,tfoot,th,thead,tr,ul{margin:0;padding:0;border:0;font-weight:inherit;font-style:inherit;font-size:100%;font-family:-apple-syste


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.7 | 49757 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:36 UTC | 582 | OUT | GET /im.qq.com_new/de9c920b/js/other-chunk.ddf042d1.js HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:36 UTC | 640 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:36 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 164836
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:36 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 3f0eb5283091335db21cdb113f305e5a
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 7e43ee0f-d777-4723-9cff-15118c619f6c
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream


Session ID    Source IP      Source Port    Destination IP    Destination Port    PID     Process
37            192.168.2.7    49759          119.28.165.18     443                 7832    C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                  Bytes transferred    Direction    Data
2024-02-16 07:51:36 UTC    584                  OUT          GET /im.qq.com_new/de9c920b/js/chunk-vendors.e3b9a42f.js HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:36 UTC    641                  IN           HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:36 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 1023552
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:36 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 71fdca37897ccd769b1b5db4464c3c28
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 4f19d117-f750-4249-af99-1a154ccef499
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        Data Ascii: unction(e){e.loadstart="loadstart",e.timeupdate="timeupdate",e.durationchange="durationchange",e.volumechange="volumechange",e.canplay="canplay",e.playing="playing",e.pause="pause",e.waiting="waiting",e.seeking="seeking",e.seeked="seeked",e.loadeddata="lo
                                                                                                                                                                                                                        2024-02-16 07:51:37 UTC16384INData Raw: 6c 76 65 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 65 2e 73 74 61 74 65 3d 22 66 75 6c 66 69 6c 6c 65 64 22 2c 74 28 6e 29 7d 2c 65 2e 72 65 6a 65 63 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 65 2e 73 74 61 74 65 3d 22 72 65 6a 65 63 74 65 64 22 2c 6e 28 74 29 7d 7d 29 29 7d 2c 43 65 3d 62 65 2c 77 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 75 6e 63 74 69 6f 6e 20 74 28 74 29 7b 76 61 72 20 6e 3d 65 2e 63 61 6c 6c 28 74 68 69 73 29 7c 7c 74 68 69 73 3b 72 65 74 75 72 6e 20 74 2e 74 69 6d 65 6f 75 74 4d 53 3e 30 26 26 73 65 74 54 69 6d 65 6f 75 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 2e 72 65 6a 65 63 74 28 29 7d 29 2c 74 2e 74 69 6d 65 6f 75 74 4d 53 29 2c 6e 7d 72 65 74 75 72 6e 20 49 65 28 74 2c 65 29 2c 74 7d 28 62 65 29 2c 53
                                                                                                                                                                                                                        Data Ascii: lve=function(n){e.state="fulfilled",t(n)},e.reject=function(t){e.state="rejected",n(t)}}))},Ce=be,we=function(e){function t(t){var n=e.call(this)||this;return t.timeoutMS>0&&setTimeout((function(){return n.reject()}),t.timeoutMS),n}return Ie(t,e),t}(be),S
                                                                                                                                                                                                                        2024-02-16 07:51:37 UTC16384INData Raw: 67 74 68 2c 21 30 29 2c 69 2b 3d 34 3b 76 61 72 20 75 3d 6e 65 77 20 55 69 6e 74 31 36 41 72 72 61 79 28 61 2c 69 2c 72 2e 6c 65 6e 67 74 68 29 3b 72 65 74 75 72 6e 20 75 2e 73 65 74 28 72 29 2c 69 2b 3d 75 2e 62 79 74 65 4c 65 6e 67 74 68 2c 73 2e 73 65 74 55 69 6e 74 33 32 28 69 2c 6e 2e 62 79 74 65 4c 65 6e 67 74 68 2c 21 30 29 2c 69 2b 3d 34 2c 6e 65 77 20 55 69 6e 74 38 41 72 72 61 79 28 61 2c 69 2c 6e 2e 62 79 74 65 4c 65 6e 67 74 68 29 2e 73 65 74 28 6e 29 2c 6e 65 77 20 55 69 6e 74 38 41 72 72 61 79 28 61 2c 30 2c 61 2e 62 79 74 65 4c 65 6e 67 74 68 29 7d 66 75 6e 63 74 69 6f 6e 20 58 65 28 65 29 7b 76 61 72 20 74 2c 6e 2c 72 3b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 3d 28 72 3d 6e 75 6c 6c 3d 3d 3d 28 6e 3d 6e 75 6c 6c 3d 3d 3d 28 74 3d 41 74 2e
                                                                                                                                                                                                                        Data Ascii: gth,!0),i+=4;var u=new Uint16Array(a,i,r.length);return u.set(r),i+=u.byteLength,s.setUint32(i,n.byteLength,!0),i+=4,new Uint8Array(a,i,n.byteLength).set(n),new Uint8Array(a,0,a.byteLength)}function Xe(e){var t,n,r;return null===(r=null===(n=null===(t=At.
                                                                                                                                                                                                                        2024-02-16 07:51:37 UTC16384INData Raw: 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 2e 6c 6f 67 67 65 72 2e 77 61 72 6e 28 22 6c 69 63 65 6e 73 65 20 72 65 71 75 65 73 74 20 65 72 72 6f 72 22 2c 65 29 2c 6e 2e 65 6d 69 74 28 75 74 2c 7b 63 6f 64 65 3a 59 65 2e 4c 49 43 45 4e 53 45 5f 52 45 51 55 45 53 54 5f 46 41 49 4c 45 44 2c 6d 65 73 73 61 67 65 3a 22 5c 75 38 62 63 31 5c 75 34 65 36 36 5c 75 38 62 66 37 5c 75 36 63 34 32 5c 75 35 39 33 31 5c 75 38 64 32 35 22 7d 29 7d 29 29 7d 2c 74 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 71 75 65 73 74 46 50 53 4d 65 64 69 61 4b 65 79 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 6e 65 77 20 77 69 6e 64 6f 77 2e 57 65 62 4b 69 74 4d 65 64 69 61 4b 65 79 73 28 74 74 2e 46 61 69 72 50 6c 61 79 57 65 62 4b 69 74 29 3b 72 65 74 75 72 6e 20 74 68
                                                                                                                                                                                                                        Data Ascii: h((function(e){n.logger.warn("license request error",e),n.emit(ut,{code:Ye.LICENSE_REQUEST_FAILED,message:"\u8bc1\u4e66\u8bf7\u6c42\u5931\u8d25"})}))},t.prototype.requestFPSMediaKeys=function(){var e=new window.WebKitMediaKeys(tt.FairPlayWebKit);return th


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
38          192.168.2.7  49758        119.28.165.184  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:51:36 UTC  577                OUT        GET /im.qq.com_new/de9c920b/js/mobile.0d250445.js HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:36 UTC  484                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:36 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 46621
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:36 GMT
                                                                                                                                                                                                                        Last-Modified: Thu, 08 Feb 2024 02:14:34 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 9b9727ed-600a-4010-b9d7-aefd5b0bba7a
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
39          192.168.2.7  49764        119.28.165.184  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:51:36 UTC  569                OUT        GET /im.qq.com_new/de9c920b/css/mobile.c220a045.css HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: style
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:36 UTC  585                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:36 GMT
                                                                                                                                                                                                                        Content-Type: text/css
                                                                                                                                                                                                                        Content-Length: 89643
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:36 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: bcd00139d743e24c469b62737919d5ee
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 2dddf1ec-0146-429a-b04f-32d4820bb8ee
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        Data Ascii: KhQxCdz091bWUWusTvBVBqjlFfIXAo03ow10HpnIMmTnjcXo567O3rQLUIlFiGOjuxHr/9+XmmCW4Z4mkmhl2ZooAbidE6c44GdEzwUlj5358lDq5WL87G5Wz5/jPouj832f5+OReo8uKmaTE0VDVp+T+SxQe+jSdVrm3C3NKbj6YJQGLRc7P3As6Xzlrp8efkIojkvQaBWLVRE6yBg7gyyXZkA+fH/Zxi+7YJ0MaG+ZO79PYBmQ10BocbgH+Dg
                                                                                                                                                                                                                        2024-02-16 07:51:37 UTC16384INData Raw: 77 69 64 74 68 3a 33 2e 33 32 35 36 72 65 6d 3b 68 65 69 67 68 74 3a 37 2e 31 39 34 36 72 65 6d 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 71 71 2d 77 65 62 2e 63 64 6e 2d 67 6f 2e 63 6e 2f 69 6d 2e 71 71 2e 63 6f 6d 5f 6e 65 77 2f 64 65 39 63 39 32 30 62 2f 69 6d 67 2f 66 65 61 74 75 72 65 2d 66 75 6c 6c 2d 67 72 6f 75 70 2d 73 77 69 74 63 68 2e 37 61 30 61 66 65 33 35 2e 70 6e 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 31 34 34 2e 37 32 25 2c 2d 35 30 25 29 3b 7a 2d 69 6e 64 65 78 3a 31 36 7d 2e 67 72 6f 75 70 2d 62 6f 64 79 2d 77 72 61 70 70 65 72 20 2e 66 65 61 74 75 72 65 2d 66 75 6c 6c 2d 67 72 6f 75 70 2d 73 77 69 74 63 68 2c 2e 67 72 6f 75 70 2d 62 6f 64 79 2d 77 72 61 70
                                                                                                                                                                                                                        Data Ascii: width:3.3256rem;height:7.1946rem;background-image:url(https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/feature-full-group-switch.7a0afe35.png);transform:translate(-144.72%,-50%);z-index:16}.group-body-wrapper .feature-full-group-switch,.group-body-wrap
                                                                                                                                                                                                                        2024-02-16 07:51:37 UTC8308INData Raw: 6e 2d 74 65 78 74 7b 6d 61 72 67 69 6e 3a 2e 30 36 72 65 6d 20 61 75 74 6f 20 30 20 61 75 74 6f 3b 68 65 69 67 68 74 3a 2e 38 36 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 32 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 2e 34 32 38 33 72 65 6d 3b 63 6f 6c 6f 72 3a 23 61 35 61 35 61 35 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 63 6c 69 70 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 3b 7a 2d 69 6e 64 65 78 3a 33 7d 2e 6e 74 2d 62 6f 64 79 2d 77 72 61 70 70 65 72 20 2e 72 65 73 6f 75 72 63 65 2d 69 6d 61 67 65 2d 33 37 35 35 61 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 35 30 25 3b 6c 65 66 74 3a 35 30 25 3b 77 69
                                                                                                                                                                                                                        Data Ascii: n-text{margin:.06rem auto 0 auto;height:.86rem;font-size:.28rem;font-weight:500;line-height:.4283rem;color:#a5a5a5;overflow:hidden;text-overflow:clip;white-space:nowrap;z-index:3}.nt-body-wrapper .resource-image-3755a{position:absolute;top:50%;left:50%;wi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.7 | 49762 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:36 UTC | 541 | OUT | GET /library/latest/qqapi/qqapi.wk.js HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:36 UTC | 481 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:36 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 70935
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=666
                                                                                                                                                                                                                        Expires: Fri, 16 Feb 2024 08:02:42 GMT
                                                                                                                                                                                                                        Last-Modified: Mon, 26 Jun 2023 09:39:25 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 81438632-79f2-4be7-80ee-b8aabad8fad7
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: false
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.7 | 49766 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:37 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069896531&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:38 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:38 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:51:38 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.7 | 49775 | 211.152.148.32 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:38 UTC | 635 | OUT | GET /qq-web/im.qq.com_new/e6f5fa0c/img/video-qq9-poster-mini.50cd77e7.png.webp HTTP/1.1
                                                                                                                                                                                                                        Host: cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:39 UTC | 538 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:39 GMT
                                                                                                                                                                                                                        Content-Type: image/webp
                                                                                                                                                                                                                        Content-Length: 40692
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:38 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 15 Feb 2023 07:41:56 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 79791bae-116a-4f3f-94c3-6968cf916054
                                                                                                                                                                                                                        Vary: Accept
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        43 | 192.168.2.7 | 49770 | 43.129.115.202 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:38 UTC | 732 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                                        Host: im.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-Dest: document
                                                                                                                                                                                                                        Referer: https://im.qq.com/mobileqq/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: tgw_l7_route=64fb0a5a1e6bde98b2cf602a7e28e948
                                                                                                                                                                                                                        2024-02-16 07:51:39 UTC | 315 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:39 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 271
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty/1.16.1.1
                                                                                                                                                                                                                        Last-Modified: Wed, 27 Dec 2023 08:43:33 GMT
                                                                                                                                                                                                                        ETag: "658be3b5-10f"
                                                                                                                                                                                                                        Cache-Control: max-age=600
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        x-request-time: 0.028
                                                                                                                                                                                                                        x-whistle-client-id: -,
                                                                                                                                                                                                                        2024-02-16 07:51:39 UTC271INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a 09 20 20 20 20 2f 2f 42 4a 5f 52 45 50 4f 52 54 2e 74 72 79 4a 73 28 29 2e 73 70 79 41 6c 6c 28 29 3b 0d 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 6d 2e 71 71 2e 63 6f 6d 2f 69 6e 64 65 78 22 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 0d 0a
                                                                                                                                                                                                                        Data Ascii: <!DOCTYPE html><html><head lang="en"> <meta charset="UTF-8"> <title></title> <script type="text/javascript"> //BJ_REPORT.tryJs().spyAll(); window.location.href="https://im.qq.com/index" </script></head><body>


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        44 | 192.168.2.7 | 49773 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:39 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/qq9.03144aa7.svg HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/mobile.c220a045.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        45 | 192.168.2.7 | 49774 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:39 UTC | 682 | OUT | GET /im.qq.com_new/de9c920b/img/qq9_introduce_poster.afa30316.jpg HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/mobile.c220a045.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        46 | 192.168.2.7 | 49771 | 203.205.137.236 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:39 UTC | 704 | OUT | GET /thumbplayer-offline-log.html?max_age=3600 HTTP/1.1
                                                                                                                                                                                                                        Host: v.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-Dest: iframe
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.7 | 49772 | 203.205.137.236 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:39 UTC | 718 | OUT | GET /cache/wuji/object?appid=tenvideo_offline_log&schemaid=whileList&schemakey=d5dccc35902346b2bdcbcef774fefe99&include=encryptValue%2Ctype%2CerrorCode%2Crate&filter=projectId%3D%2270201%22&otype=jsonp&callback=offline_log1 HTTP/1.1
                                                                                                                                                                                                                        Host: v.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.7 | 49777 | 101.33.21.91 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:39 UTC | 537 | OUT | GET /sdk/4.5.16/beacon_web.min.js HTTP/1.1
                                                                                                                                                                                                                        Host: beacon.cdn.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.7 | 49769 | 43.129.115.202 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:39 UTC | 728 | OUT | GET /index HTTP/1.1
                                                                                                                                                                                                                        Host: im.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-Dest: document
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: tgw_l7_route=64fb0a5a1e6bde98b2cf602a7e28e948
2024-02-16 07:51:40 UTC | 247 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:39 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 169
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty/1.16.1.1
                                                                                                                                                                                                                        Location: http://im.qq.com/index/
                                                                                                                                                                                                                        x-request-time: 0.087
                                                                                                                                                                                                                        x-whistle-client-id: -,
2024-02-16 07:51:40 UTC | 169 | IN | Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.19.9</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.7 | 49783 | 211.152.148.45 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:40 UTC | 406 | OUT | GET /qq-web/im.qq.com_new/e6f5fa0c/img/video-qq9-poster-mini.50cd77e7.png.webp HTTP/1.1
                                                                                                                                                                                                                        Host: cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:41 UTC | 973 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:41 GMT
                                                                                                                                                                                                                        Content-Type: image/webp
                                                                                                                                                                                                                        Content-Length: 40692
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:40 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 15 Feb 2023 07:41:56 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 4715e605d5392b107868da49ec28e1aa
                                                                                                                                                                                                                        ETag: "2b17d75b6d85869e08d91fa63ad3a8c2"
                                                                                                                                                                                                                        x-cos-hash-crc64ecma: 13171790901348442466
                                                                                                                                                                                                                        x-cos-meta-source: ci-media
                                                                                                                                                                                                                        x-cos-request-id: NjVjZjE0MGRfYjQyZjJjMGJfOWUzZl83YTZlZWE4
                                                                                                                                                                                                                        x-cos-storage-class: MAZ_STANDARD
                                                                                                                                                                                                                        x-cos-version-id: MTg0NDUwNjc2MjY3OTI3MTY1NzU
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-NWS-LOG-UUID: f7d574cc-b231-4ce4-8138-8fcfc01d5879
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Miss
                                                                                                                                                                                                                        x-sername: cdn-go.cn
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Vary: Accept
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=4
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
51          192.168.2.7  49779        129.226.106.210  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:51:40 UTC  535                OUT        OPTIONS /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Access-Control-Request-Method: POST
                                                                                                                                                                                                                        Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:40 UTC  648                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:40 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=cc42f94c6f7fd389791138f95f3761c0; Expires=Fri, 16-Feb-2024 08:21:40 GMT; Path=/
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:40 UTC  32                 IN         Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
52          192.168.2.7  49780        129.226.106.210  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:51:40 UTC  535                OUT        OPTIONS /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Access-Control-Request-Method: POST
                                                                                                                                                                                                                        Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:40 UTC  648                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:40 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=e9916ccef3fce24d07adeee8713f038a; Expires=Fri, 16-Feb-2024 08:21:40 GMT; Path=/
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:40 UTC  32                 IN         Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
53          192.168.2.7  49778        129.226.106.210  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:51:40 UTC  535                OUT        OPTIONS /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Access-Control-Request-Method: POST
                                                                                                                                                                                                                        Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:40 UTC  648                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:40 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=25a01e3de5971878454511eaac9826d6; Expires=Fri, 16-Feb-2024 08:21:40 GMT; Path=/
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:40 UTC  32                 IN         Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
54          192.168.2.7  49784        129.226.107.134  443               2960  C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:51:40 UTC  1224               OUT        GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069899531&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:41 UTC  297                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:41 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                        2024-02-16 07:51:41 UTC51INData Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        55 | 192.168.2.7 | 49782 | 43.129.115.202 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:41 UTC | 699 | OUT | GET /index/ HTTP/1.1
                                                                                                                                                                                                                        Host: im.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-Dest: document
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: tgw_l7_route=64fb0a5a1e6bde98b2cf602a7e28e948
                                                                                                                                                                                                                        2024-02-16 07:51:41 UTC | 340 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:41 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 4374
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty/1.16.1.1
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        Last-Modified: Thu, 08 Feb 2024 02:14:31 GMT
                                                                                                                                                                                                                        ETag: "65c43907-1116"
                                                                                                                                                                                                                        Cache-Control: max-age=600
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        x-request-time: 0.026
                                                                                                                                                                                                                        x-whistle-client-id: -,
                                                                                                                                                                                                                        2024-02-16 07:51:41 UTC1079INData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 43 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 54 65 6e 63 65 6e 74 22 2f 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 51 51 32 30 32 33 e6 96 b0 e7 89 88 2c 51 51 32 30 32 33 e5 ae 98 e6 96 b9 e4 b8 8b e8 bd bd 2c 51 51 32 34 e5 91 a8 e5 b9 b4 2c 51 51 39 e9 a2 84 e7 ba a6 2c e6 89 8b e6 9c ba 51 51 e5 ae 98 e6 96 b9 e6 9c 80
                                                                                                                                                                                                                        Data Ascii: <!doctype html><html lang=""><head><meta charset="utf-8"/><meta name="Copyright" content="Tencent"/><meta http-equiv="X-UA-Compatible" content="ie=edge"/><meta name="keywords" content="QQ2023,QQ2023,QQ24,QQ9,QQ
                                                                                                                                                                                                                        2024-02-16 07:51:41 UTC3295INData Raw: 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 6e 6f 2c 76 69 65 77 70 6f 72 74 2d 66 69 74 3d 63 6f 76 65 72 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 78 35 2d 70 61 67 65 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 70 74 70 61 67 65 22 2f 3e 3c 74 69 74 6c 65 3e 51 51 2d e8 bd bb e6 9d be e5 81 9a e8 87 aa e5 b7 b1 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 66 6f 72 6d 61 74 2d 64 65 74
                                                                                                                                                                                                                        Data Ascii: ype="image/x-icon"/><meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no,viewport-fit=cover"/><meta name="x5-pagetype" content="optpage"/><title>QQ-</title><meta name="format-det


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        56 | 192.168.2.7 | 49788 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:41 UTC | 644 | OUT | POST /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 1466
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:41 UTC1466OUTData Raw: 7b 22 61 70 70 56 65 72 73 69 6f 6e 22 3a 22 30 22 2c 22 73 64 6b 49 64 22 3a 22 6a 73 22 2c 22 73 64 6b 56 65 72 73 69 6f 6e 22 3a 22 34 2e 35 2e 39 2d 77 65 62 22 2c 22 6d 61 69 6e 41 70 70 4b 65 79 22 3a 22 30 57 45 42 30 34 53 47 48 35 34 33 45 41 4c 53 22 2c 22 70 6c 61 74 66 6f 72 6d 49 64 22 3a 33 2c 22 63 6f 6d 6d 6f 6e 22 3a 7b 22 41 32 22 3a 22 6a 57 50 42 46 4d 44 34 63 64 34 4b 50 4d 42 58 53 63 57 77 7a 78 43 46 46 74 43 63 30 74 43 6d 22 2c 22 41 38 22 3a 22 22 2c 22 41 31 32 22 3a 22 65 6e 2d 55 53 22 2c 22 41 31 37 22 3a 22 31 32 38 30 2a 31 30 32 34 2a 31 22 2c 22 41 32 33 22 3a 22 22 2c 22 41 35 30 22 3a 22 22 2c 22 41 37 36 22 3a 22 30 57 45 42 30 34 53 47 48 35 34 33 45 41 4c 53 5f 31 37 30 38 30 37 36 39 38 34 37 37 34 22 2c 22 41 31
                                                                                                                                                                                                                        Data Ascii: {"appVersion":"0","sdkId":"js","sdkVersion":"4.5.9-web","mainAppKey":"0WEB04SGH543EALS","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0WEB04SGH543EALS_1708076984774","A1
                                                                                                                                                                                                                        2024-02-16 07:51:42 UTC | 620 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:41 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 98
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de; Expires=Fri, 16-Feb-2024 08:21:41 GMT; Path=/
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:42 UTC | 98 | IN | Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 31 39 31 2e 39 36 2e 32 32 37 2e 32 32 32 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 30 38 30 36 39 39 30 31 39 36 31 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d
                                                                                                                                                                                                                        Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069901961", "msg": "success"}


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        57 | 192.168.2.7 | 49792 | 211.152.148.32 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:41 UTC | 587 | OUT | GET /aegis/aegis-sdk/latest/aegis.min.js HTTP/1.1
                                                                                                                                                                                                                        Host: cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        If-Modified-Since: Thu, 18 Jan 2024 04:18:18 GMT
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:42 UTC | 383 | IN | HTTP/1.1 304 Not Modified
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:42 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=666
                                                                                                                                                                                                                        Expires: Fri, 16 Feb 2024 08:02:47 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 635da270-89fb-4e75-ad1f-5b0fc1af2761
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: false
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Timing-Allow-Origin: *


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        58 | 192.168.2.7 | 49791 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:42 UTC | 565 | OUT | GET /im.qq.com_new/de9c920b/css/pc.de353407.css HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: style
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:42 UTC | 626 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:42 GMT
                                                                                                                                                                                                                        Content-Type: text/css
                                                                                                                                                                                                                        Content-Length: 357269
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:42 GMT
                                                                                                                                                                                                                        Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 38b3d8f2889e7430bdd0ae10cd0046e7
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 463835c4-13ad-437b-89cc-f67d206dbcd0
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.7 | 49790 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:42 UTC | 573 | OUT | GET /im.qq.com_new/de9c920b/js/pc.5c234203.js HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:42 UTC | 484 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:42 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 62187
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:42 GMT
                                                                                                                                                                                                                        Last-Modified: Thu, 08 Feb 2024 02:14:34 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: b36cad81-1a26-49b1-9329-2af7f9c64d9a
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        60 | 192.168.2.7 | 49787 | 43.137.221.145 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:42 UTC | 863 | OUT | POST /speed/webvitals?FCP=9072.399999999994&LCP=9500.100000000006&FID=-1&CLS=-1&id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1280%20*%20907&sr=1280%20*%201024&sessionId=session-1708076982979&from=https%3A%2F%2Fim.qq.com%2Fmobileqq%2F&referer= HTTP/1.1
                                                                                                                                                                                                                        Host: aegis.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:43 UTC | 134 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:42 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        61 | 192.168.2.7 | 49793 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:43 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069902540&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
                                                                                                                                                                                                                        2024-02-16 07:51:44 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:44 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                        2024-02-16 07:51:44 UTC51INData Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        62 | 192.168.2.7 | 49767 | 43.137.221.145 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:43 UTC | 774 | OUT | GET /collect/pv?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1
                                                                                                                                                                                                                        Host: aegis.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:45 UTC | 404 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:44 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET,POST,OPTIONS
                                                                                                                                                                                                                        Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
                                                                                                                                                                                                                        Access-Control-Max-Age: 86400
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        63 | 192.168.2.7 | 49768 | 43.137.221.145 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:44 UTC | 781 | OUT | GET /collect/whitelist?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1
                                                                                                                                                                                                                        Host: aegis.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:44 UTC | 258 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:44 GMT
                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                        Content-Length: 58
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        X-Powered-By: Express
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        ETag: W/"3a-Mq+Z0YrSSADKAkwAZ0tpR8ztW14"
2024-02-16 07:51:44 UTC | 58 | IN | Data Raw: 7b 22 72 65 74 63 6f 64 65 22 3a 30 2c 22 72 65 73 75 6c 74 22 3a 7b 22 69 73 5f 69 6e 5f 77 68 69 74 65 5f 6c 69 73 74 22 3a 66 61 6c 73 65 2c 22 72 61 74 65 22 3a 31 7d 7d
                                                                                                                                                                                                                        Data Ascii: {"retcode":0,"result":{"is_in_white_list":false,"rate":1}}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.7 | 49798 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:44 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/scene-bg-x.6a1a9834.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:45 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:45 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 181293
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:44 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 81f71c6a-6aa8-4ebd-9511-b76e5272260c
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.7 | 49794 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:44 UTC | 661 | OUT | GET /im.qq.com_new/de9c920b/img/qq9.03144aa7.svg HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:45 UTC | 473 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:45 GMT
                                                                                                                                                                                                                        Content-Type: image/svg+xml
                                                                                                                                                                                                                        Content-Length: 9409
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:44 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:33 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: fa2cd465-ff56-4b49-b292-1a9fd3498a72
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-02-16 07:51:45 UTC | 9409 | IN | Data Raw: 20 3c 73 76 67 20 77 69 64 74 68 3d 22 39 37 31 22 20 68 65 69 67 68 74 3d 22 32 39 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0a 20 20 3c 70 61 74 68 0a 20 20 20 20 63 6c 69 70 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 0a 20 20 20 20 64 3d 22 4d 31 30 35 2e 37 35 36 20 32 36 34 2e 37 35 37 43 31 33 30 2e 30 31 33 20 32 38 30 2e 36 34 31 20 31 35 38 2e 35 34 20 32 38 39 2e 31 33 32 20 31 38 37 2e 37 33 20 32 38 39 2e 31 35 37 48 33 35 31 2e 34 39 38 56 32 34 39 2e 39 36 48 32 38 38 2e 38 37 35 43 33 30 31 2e 38 33 38 20 32 33 38 2e 30 37 34 20 33 31 32 2e 35 32 36 20 32 32 33 2e 39 36 37 20 33 32 30 2e 33 38 39 20 32 30 38 2e 32 39 38 43 33 33 30 2e 33 30 38 20 31 38 38 2e 35 33 20
                                                                                                                                                                                                                        Data Ascii: <svg width="971" height="292" xmlns="http://www.w3.org/2000/svg"> <path clip-rule="evenodd" d="M105.756 264.757C130.013 280.641 158.54 289.132 187.73 289.157H351.498V249.96H288.875C301.838 238.074 312.526 223.967 320.389 208.298C330.308 188.53


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.7 | 49796 | 119.28.165.184 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:44 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/qq9logo.2a076d03.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:45 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:45 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 14758
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:44 GMT
                                                                                                                                                                                                                        Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: efb08563-d208-4f6c-a6fc-ed44a8abdb52
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.7 | 49797 | 119.28.165.184 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:44 UTC | 663 | OUT | GET /im.qq.com_new/de9c920b/img/phone.55b5179d.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:45 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:45 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 73157
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:44 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 49d726e1-905e-4b4e-9968-ec9cda2ddff1
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.7 | 49795 | 119.28.165.184 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:44 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/poster.712f34ab.jpg HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:45 UTC | 472 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:45 GMT
                                                                                                                                                                                                                        Content-Type: image/jpeg
                                                                                                                                                                                                                        Content-Length: 108197
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:44 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: bf0be4c5-daad-4178-9058-6b4864df5624
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.7 | 49799 | 203.205.137.236 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:44 UTC | 704 | OUT | GET /thumbplayer-offline-log.html?max_age=3600 HTTP/1.1
                                                                                                                                                                                                                        Host: v.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                        Sec-Fetch-Dest: iframe
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:45 UTC | 626 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:45 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 31545
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: NWS_UGC_HY
                                                                                                                                                                                                                        Cache-Control: max-age=3600
                                                                                                                                                                                                                        Expires: Fri, 16 Feb 2024 08:51:44 GMT
                                                                                                                                                                                                                        Last-Modified: Fri, 16 Feb 2024 07:00:00 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: b3cf60fb-dedf-4a23-a731-29bf2d65d29e
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Client-Ip
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Server-Ip
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Upstream-Ip
                                                                                                                                                                                                                        Access-Control-Expose-Headers: Date
                                                                                                                                                                                                                        X-Client-Ip: 191.96.227.222
                                                                                                                                                                                                                        X-Server-Ip: 203.205.137.236
                                                                                                                                                                                                                        X-UA-Compatible: IE=Edge
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.7 | 49789 | 43.137.221.145 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:44 UTC | 882 | OUT | POST /speed?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1280%20*%20907&sr=1280%20*%201024&sessionId=session-1708076982979&from=https%3A%2F%2Fim.qq.com%2Fmobileqq%2F&referer= HTTP/1.1
                                                                                                                                                                                                                        Host: aegis.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 3060
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryMm7AfrBrhDsbSIBw
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:45 UTC | 134 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:45 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.7 | 49776 | 43.137.221.145 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:44 UTC | 876 | OUT | POST /speed?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1
                                                                                                                                                                                                                        Host: aegis.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 2259
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----WebKitFormBoundarygTCh4ZECLce1rpy9
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:44 UTC | 2259 | OUT | Data Ascii:
------WebKitFormBoundarygTCh4ZECLce1rpy9
Content-Disposition: form-data; name="payload"

{"duration":{"fetch":[],"static":[{"url":"https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/js/vue-chunk.bc9c2585.js","method":"get","duration":0,"status":200,"type"
2024-02-16 07:51:46 UTC | 134 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:45 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.7 | 49801 | 211.152.148.32 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:45 UTC | 610 | OUT | GET /web/im.qq.com/qq9_introduction_poster.jpg HTTP/1.1
                                                                                                                                                                                                                        Host: static-res.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:45 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:45 GMT
                                                                                                                                                                                                                        Content-Type: image/jpeg
                                                                                                                                                                                                                        Content-Length: 81925
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=600
                                                                                                                                                                                                                        Expires: Fri, 16 Feb 2024 08:01:45 GMT
                                                                                                                                                                                                                        Last-Modified: Fri, 19 Jan 2024 04:35:45 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: c571ca56-045d-4dce-84b6-4422e7d44ae8
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.7 | 49804 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:46 UTC | 676 | OUT | POST /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 578
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept: application/json, text/plain, */*
                                                                                                                                                                                                                        Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:46 UTC | 578 | OUT | Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.9-web","mainAppKey":"0WEB04SGH543EALS","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0WEB04SGH543EALS_1708076984774","A10
2024-02-16 07:51:46 UTC | 620 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:46 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 98
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=998b0a6be85a9de4c3e3a75f3c7be40b; Expires=Fri, 16-Feb-2024 08:21:46 GMT; Path=/
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:46 UTC | 98 | IN | Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069906647", "msg": "success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.7 | 49805 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:46 UTC | 677 | OUT | POST /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 1230
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept: application/json, text/plain, */*
                                                                                                                                                                                                                        Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:46 UTC | 1230 | OUT | Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.9-web","mainAppKey":"0WEB04SGH543EALS","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0WEB04SGH543EALS_1708076984774","A10
2024-02-16 07:51:46 UTC | 620 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:46 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 98
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=4f0fd495321bb18cf3456ab6fd56319c; Expires=Fri, 16-Feb-2024 08:21:46 GMT; Path=/
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:46 UTC | 98 | IN | Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069906645", "msg": "success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.7 | 49807 | 211.152.148.32 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:46 UTC | 382 | OUT | GET /web/im.qq.com/qq9_introduction_poster.jpg HTTP/1.1
                                                                                                                                                                                                                        Host: static-res.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:46 UTC | 500 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:46 GMT
                                                                                                                                                                                                                        Content-Type: image/jpeg
                                                                                                                                                                                                                        Content-Length: 81925
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=600
                                                                                                                                                                                                                        Expires: Fri, 16 Feb 2024 08:01:45 GMT
                                                                                                                                                                                                                        Last-Modified: Fri, 19 Jan 2024 04:35:45 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 8d2b9ddd-64d1-443f-a51a-c9db1f852933
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.7 | 49803 | 43.137.221.145 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:46 UTC | 958 | OUT | GET /collect/events?payload=%5B%7B%22name%22%3A%22QQ%E6%96%B0%E7%89%88%E5%AE%98%E7%BD%91%E9%A6%96%E9%A1%B5%E6%9B%9D%E5%85%89%22%2C%22ext1%22%3A%22%22%2C%22ext2%22%3A%22%22%2C%22ext3%22%3A%22%22%7D%5D&id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1
                                                                                                                                                                                                                        Host: aegis.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:47 UTC404INHTTP/1.1 204 No Content
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:46 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET,POST,OPTIONS
                                                                                                                                                                                                                        Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
                                                                                                                                                                                                                        Access-Control-Max-Age: 86400
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.7 | 49813 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:46 UTC | 678 | OUT | POST /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1
Host: otheve.beacon.qq.com
Connection: keep-alive
Content-Length: 16276
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Accept: application/json, text/plain, */*
Content-Type: application/json;charset=utf-8
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: https://im.qq.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://im.qq.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:46 UTC | 16276 | OUT | Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.9-web","mainAppKey":"0WEB04SGH543EALS","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0WEB04SGH543EALS_1708076984774","A10
2024-02-16 07:51:47 UTC | 620 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:51:47 GMT
Content-Type: text/plain
Content-Length: 98
Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
Connection: close
Set-Cookie: tgw_l7_route=b2fdb5fd6c7302e090747e0c94600844; Expires=Fri, 16-Feb-2024 08:21:47 GMT; Path=/
Access-Control-Max-Age: 600
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:47 UTC | 98 | IN | Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 31 39 31 2e 39 36 2e 32 32 37 2e 32 32 32 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 30 38 30 36 39 39 30 37 33 38 33 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d
Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069907383", "msg": "success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.7 | 49814 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:46 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069905601&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: ssl.ptlogin2.qq.com
Connection: Keep-Alive
Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:47 UTC | 297 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:51:47 GMT
Content-Type: application/javascript
Content-Length: 51
Connection: close
Cache-Control: no-cache, no-store, must-revalidate
Expires: -1
Pragma: no-cache
Server: Tencent Login Server/2.0.0
Strict-Transport-Security: max-age=31536000
2024-02-16 07:51:47 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.7 | 49810 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:47 UTC | 383 | OUT | GET /im.qq.com_new/de9c920b/img/qq9.03144aa7.svg HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:47 UTC | 541 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:47 GMT
Content-Type: image/svg+xml
Content-Length: 9409
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:47 GMT
Last-Modified: Wed, 31 Jan 2024 08:12:33 GMT
X-NWS-LOG-UUID: 829f5bca-c02a-471c-b55a-68ea1d611e7e
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Inner Cluster
2024-02-16 07:51:47 UTC | 9409 | IN | Data Ascii: <svg width="971" height="292" xmlns="http://www.w3.org/2000/svg"> <path clip-rule="evenodd" d="M105.756 264.757C130.013 280.641 158.54 289.132 187.73 289.157H351.498V249.96H288.875C301.838 238.074 312.526 223.967 320.389 208.298C330.308 188.53


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
80          192.168.2.7  49812        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:51:47 UTC  387                OUT        GET /im.qq.com_new/de9c920b/img/qq9logo.2a076d03.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:47 UTC  573                IN         HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:47 GMT
Content-Type: image/png
Content-Length: 14758
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:46 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: b33f5d17-b2cb-4e51-bf8b-08a7a03dac59
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=3
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
X-Cache-Lookup: Hit From Inner Cluster


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
81          192.168.2.7  49809        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:51:47 UTC  385                OUT        GET /im.qq.com_new/de9c920b/img/phone.55b5179d.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:47 UTC  585                IN         HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:47 GMT
Content-Type: image/png
Content-Length: 73157
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:46 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-UUID-VERIFY: eda07d5ff3bb9adfdb965512ac2ae54a
X-NWS-LOG-UUID: f91ce929-390b-4964-a8e4-13c3d3d292a3
Vary: Origin
X-Cache-Lookup: Hit From MemCache
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
X-Daa-Tunnel: hop_count=1
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
X-Cache-Lookup: Hit From Upstream


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
82          192.168.2.7  49811        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:51:47 UTC  386                OUT        GET /im.qq.com_new/de9c920b/img/poster.712f34ab.jpg HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:47 UTC  535                IN         HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:47 GMT
Content-Type: image/jpeg
Content-Length: 108197
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:47 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 6d210904-e01c-4c61-89d0-33cf09f6370b
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.7 | 49808 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:47 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/scene-bg-x.6a1a9834.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:47 UTC | 574 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:47 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 181293
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:46 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: d6fea2b2-2a42-4609-a4ac-84cc2cf53fd5
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.7 | 49820 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:47 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/page-1.9d39f9ad.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:48 UTC471INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:48 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 186062
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:48 GMT
                                                                                                                                                                                                                        Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 12aeca8a-e1fc-4405-8137-0f4355bdea3a
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.7 | 49819 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:47 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/page-2.f6af1bfb.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:48 UTC | 473 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:48 GMT
Content-Type: image/png
Content-Length: 1168126
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:48 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 8c229fe4-62e1-4354-b8bf-64f4b3d33462
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
                                                                                                                                                                                                                        Data Ascii: $,*}T]W$^W+S8+JFRLlYmVuA[3fiGn}8R$Jf&7 n[;/^ L`ICM{Bh.S",JLvRxva}yUE~VgKkr)Mz9oA9L+$-
                                                                                                                                                                                                                        2024-02-16 07:51:48 UTC16384INData Raw: 5f 6a f7 a5 ba 48 d1 74 24 4b 1c 1f 0c fd 6e 6c 97 8c 76 98 96 84 6d 16 d7 48 05 51 80 d8 46 f6 64 72 ce b1 26 76 5d 1b 97 f3 d8 60 28 44 b8 2c c2 04 7e f6 7c a0 7b 1d 07 66 86 22 7c 12 9d 9c d7 a9 06 51 c3 4c 08 98 c4 be a4 27 d2 5a 12 41 52 b1 53 38 b3 f6 24 75 73 ab e9 d6 40 ff 47 8c d0 a8 79 07 02 b6 e4 65 e1 4f 4e 83 36 30 0b 7b b9 37 3d 88 66 60 f9 3c a4 02 bb 08 be 9a 00 97 2d c8 ac 8c ee 0f d2 32 a4 9a df 01 43 54 42 26 d1 b2 79 35 6d 85 53 1b 79 ae 07 9a 6e 1a b1 a3 b3 20 0c af 27 f4 6d 36 e8 86 fc 4b 6f 87 2a 8e b5 a0 ab 8f ff 04 40 b6 f1 f6 0f 56 17 0b 2f 31 7d e1 22 5c b6 c0 4b 82 28 6f a8 97 43 99 14 d1 7b a1 e8 ee ea d3 9b f1 20 5d df 34 65 d2 f8 10 19 e8 82 24 c4 b6 0e 35 62 b0 e4 d2 6d bc 5e 13 af 86 d6 88 54 25 5e 65 70 42 2b e9 9a 15 a3
                                                                                                                                                                                                                        Data Ascii: _jHt$KnlvmHQFdr&v]`(D,~|{f"|QL'ZARS8$us@GyeON60{7=f`<-2CTB&y5mSyn 'm6Ko*@V/1}"\K(oC{ ]4e$5bm^T%^epB+
                                                                                                                                                                                                                        2024-02-16 07:51:48 UTC16384INData Raw: dc a9 0f 95 68 d1 ed c3 6d bb e8 c1 cf 40 9a 75 d8 33 87 69 11 66 e0 ab e9 e1 f2 5a 53 21 9b c0 59 e2 f2 41 13 78 b3 d4 cd d4 b3 94 27 28 71 ee 6d 1e 2e 43 a0 f6 9a 00 3b 9c cb aa 3f 4a 9d a6 5f 13 c2 cf 2e 9a 9c 47 90 8e 91 08 94 0b d4 8f c8 1b e2 e8 e9 db 0a f7 19 d1 93 8d 57 9f a5 60 53 de 61 a2 7e 2c c7 4d 50 37 9e fa ab f6 5f f8 da ba 01 61 ea 58 83 8e c5 5d e8 b6 00 30 4c ec 3e 7e d5 59 1d 60 14 43 47 6e 88 71 27 af 36 5e b9 08 1b e4 9c 93 0d 9a 5c 06 0a fc 9f fe c7 00 bc 1e 3b f9 e1 d0 64 4f f0 26 ea 65 31 86 a8 2e a1 9d c8 9b 46 45 dc 55 f6 5d e7 12 17 33 3c 8c 12 09 34 c0 8f 00 01 7c 24 fe d5 26 db 12 94 fc a2 fe e3 69 a1 c7 3e 9e 88 d3 02 b2 91 70 6c 0b e1 aa 2a 23 ae f1 e7 f4 4a 0d a3 db af c0 dd 40 11 e1 06 3d a9 99 90 60 8e 6a 5b 33 17 77 b8
                                                                                                                                                                                                                        Data Ascii: hm@u3ifZS!YAx'(qm.C;?J_.GW`Sa~,MP7_aX]0L>~Y`CGnq'6^\;dO&e1.FEU]3<4|$&i>pl*#J@=`j[3w
                                                                                                                                                                                                                        2024-02-16 07:51:49 UTC16384INData Raw: dd ce c0 58 e2 b1 7c d4 4b 23 68 2c 9b 61 92 04 09 4a f1 df 6e 53 28 4d e2 ca 38 6d 8f 78 fd 5b 4b 3e c3 65 77 cf dc c6 97 a6 60 23 49 4a db 1f 6c 32 f0 1b 6a ec 1e 5b c6 1e bc 7a 9f 8e 78 8e 9d cf a6 46 c5 1d 75 ee 8d 2a b0 e2 05 b0 84 79 bb db d1 58 60 c4 ff 22 87 12 12 1d 77 19 20 f4 fa 48 78 ac fb f0 c2 e7 4a 3c 17 d4 25 b1 a3 48 5d 2c 28 e3 93 29 1d 1d a9 95 4c 84 f8 1e 80 9c 9e 03 4b 9a 27 5c 06 e5 bc 00 bd ca 52 9e cc 35 c9 32 be 07 50 8a 06 38 1f 2c 48 2d 77 1d 1b 5b 5a e7 29 77 97 bf ca 8e 9f c0 95 fd 8b 3e 3c ed e8 a8 ca b5 f7 bf ff 7f a5 f7 bd ef 37 e4 05 e0 b2 a6 f2 8b 3a 57 f7 c0 75 20 4b c6 5d 5c b7 bf 5d 26 1b e3 d6 af c4 1a 2c bc 7a 56 5e 1b 6f f8 ed 4d 9f f3 46 fa da af fd ba 74 ad 2f f8 82 3f 4a bf fa ff f9 35 fa e8 c7 5f a6 7f f7 dc 07
                                                                                                                                                                                                                        Data Ascii: X|K#h,aJnS(M8mx[K>ew`#IJl2j[zxFu*yX`"w HxJ<%H],()LK'\R52P8,H-w[Z)w><7:Wu K]\]&,zV^oMFt/?J5_
                                                                                                                                                                                                                        2024-02-16 07:51:49 UTC16384INData Raw: 67 55 77 46 94 ad ea 6f d1 b4 ee 52 09 ac dc d9 26 b6 fa 9e c7 da ad ef d8 a7 81 aa b5 87 be c6 71 eb 67 5f 07 4a be 36 b9 85 29 2d b5 d2 ae ce 97 58 9e d3 7c 55 ad 87 50 85 41 58 5b 06 1f 0b 0e be d2 38 f3 b1 e4 31 7c eb 9e bf 50 d0 56 46 10 23 56 5e 3e 07 2e b7 98 06 65 dd 43 3c 2b 72 d5 2d 74 0e 04 19 d2 40 12 aa 87 04 be d0 9f 67 73 4d a4 2e b2 03 8f 15 b0 cd 8a 4b 39 18 0d 3b 06 1e 6d ac 38 d9 86 8e e7 90 64 8b 68 b5 e7 ec c5 75 ed f5 c7 6b c3 e4 88 e6 e3 43 e9 77 3e e7 7a ee b9 fc 48 f9 f9 d7 18 12 68 73 f7 2c 6d ec ec 26 4f 9f 54 93 21 3c f8 d9 9f fb 57 9f f5 fd 3f fe eb 0f 7c 7f 66 40 b4 ed dc 39 c6 61 f7 c8 63 c2 4a 10 26 ee 87 ad 4d 40 d8 85 62 87 99 c5 10 07 d6 8e fd 4a de 4f b6 5d a2 ac a8 2f 19 10 c5 12 f6 51 cd f9 b5 c2 ae fd 4c f3 fe 1a f7
                                                                                                                                                                                                                        Data Ascii: gUwFoR&qg_J6)-X|UPAX[81|PVF#V^>.eC<+r-t@gsM.K9;m8dhukCw>zHhs,m&OT!<W?|f@9acJ&M@bJO]/QL
                                                                                                                                                                                                                        2024-02-16 07:51:49 UTC16384INData Raw: 8c 55 9a 7f f0 4b b7 8a 59 60 96 76 11 9b b4 c5 77 d5 54 8a 22 52 82 62 ee 8c 6b e6 d1 75 5b 58 77 6c da e9 5f ca fd d6 1f fd 97 e8 9f c2 ca 18 6c 6f f1 94 1f 63 fb 4e 76 9c cf a7 ba 66 69 99 00 36 56 c7 f9 29 eb 72 eb 7e 8d f3 5a 37 8d ad d3 d2 3c 1f b5 ff 76 7c dc 91 8e 1f 0d db ab 44 59 97 db de ff 6a 79 ab 58 c4 58 91 c7 83 53 72 c7 77 3d 7f ea 45 b6 af b6 39 0f ed bf 6c 95 dd e7 ac d4 ef c4 0d 76 99 e9 10 5b 13 98 97 2a b1 cb da 6f 50 60 74 44 b1 e5 e5 0b c5 f3 9b f2 d2 9e b3 57 a9 9b 63 a0 7c ec a0 db 13 f0 15 17 a3 40 db d8 27 6e 09 b4 b7 3d 0c f7 5f 99 c4 fa ec 46 10 c3 17 fe c0 12 76 a0 40 ec 3e 26 6f ca 49 98 cf 9f c5 f7 2d aa 8c 74 83 3e 71 44 2f f7 4a e0 a5 8c 87 2f 9a 4c 88 ed a2 31 61 23 fe eb e2 c5 d7 07 7a e1 01 5d e2 3d cf df 51 6f aa 4b
                                                                                                                                                                                                                        Data Ascii: UKY`vwT"Rbku[Xwl_locNvfi6V)r~Z7<v|DYjyXXSrw=E9lv[*oP`tDWc|@'n=_Fv@>&oI-t>qD/J/L1a#z]=QoK
                                                                                                                                                                                                                        2024-02-16 07:51:49 UTC16384INData Raw: da 66 2f 2e 09 f9 c6 6c ba a9 90 72 80 78 7e 7d 2b 7e f2 e2 7c b8 31 35 17 c5 fa 75 80 c7 cb 5a a6 9c 4f e7 b7 a8 e7 d5 f5 10 d4 f3 97 25 fe 0b d6 2f b0 63 1f 71 d4 75 44 81 97 87 b5 e0 f3 e2 cc 9a 24 5a 46 ec 57 b2 82 d9 fd 9c fd b0 8b 24 cc c9 88 90 e9 e7 4b 17 44 cd 71 7b 5c 18 10 67 f7 df 19 b3 31 2c 83 ae 73 05 e8 a2 e4 62 a8 f0 2a 25 5b 26 07 5b 67 f2 3e cf d7 8b 18 30 9c b1 ac bf 1b db 4a 96 ff 33 18 53 eb 97 e3 0f 9f 93 fd bb 6d 69 15 52 99 c8 fa 79 4c 23 71 ac a7 b6 b1 50 50 84 e6 86 a8 89 e7 4e 8a 07 8b 25 99 47 79 70 c2 c5 76 d8 41 9a 97 ab 69 8a 4b e7 e7 e1 3b 71 88 25 60 46 ad c1 15 b2 8b 97 db fc 7c 7f ae 87 15 fe 47 39 fc c9 2a 7b 85 8a 8a a7 9c 58 b9 cc ed e5 7e a4 8e b4 4f 14 9f 8d cc db 45 71 4e d8 e7 7a 8a f9 d2 df 6e f9 72 f4 0f 00 d6
                                                                                                                                                                                                                        Data Ascii: f/.lrx~}+~|15uZO%/cquD$ZFW$KDq{\g1,sb*%[&[g>0J3SmiRyL#qPPN%GypvAiK;q%`F|G9*{X~OEqNznr


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.7 | 49821 | 129.226.103.123 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:48 UTC | 442 | OUT | GET /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1
Host: otheve.beacon.qq.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
2024-02-16 07:51:48 UTC | 542 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:51:48 GMT
Content-Type: text/plain
Content-Length: 32
Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
Connection: close
error-type: unsupport-type
Access-Control-Max-Age: 600
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:48 UTC | 32 | IN | Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.7 | 49823 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:48 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/guild-1.45f490cc.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:48 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:48 GMT
Content-Type: image/png
Content-Length: 55620
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:48 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
X-NWS-LOG-UUID: a6c7df88-cf39-480a-a6a6-e316953d49cf
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.7 | 49822 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:48 UTC | 670 | OUT | GET /im.qq.com_new/de9c920b/img/guild-logo-1.c1c08300.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:48 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:48 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 10520
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:48 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 8e3f6b6d-299c-4f76-a216-0a0a186781a0
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.7 | 49824 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:48 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/guild-2.bb8e2315.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:48 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:48 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 57081
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:48 GMT
                                                                                                                                                                                                                        Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 71c36fb8-7f17-4112-b548-f8f2e89b5d2f
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.7 | 49802 | 43.137.221.145 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:48 UTC | 590 | OUT | GET /collect/whitelist?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1
                                                                                                                                                                                                                        Host: aegis.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:49 UTC | 202 | IN | HTTP/1.1 403 Forbidden
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:48 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 13
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        X-Powered-By: Express
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
2024-02-16 07:51:49 UTC | 13 | IN | Data Raw: 34 30 33 20 66 6f 72 62 69 64 64 65 6e
Data Ascii: 403 forbidden


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.7 | 49827 | 129.226.103.123 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:49 UTC | 442 | OUT | GET /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
                                                                                                                                                                                                                        2024-02-16 07:51:49 UTC542INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:49 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:49 UTC32INData Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                        92192.168.2.749830203.205.137.1394437832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                        2024-02-16 07:51:49 UTC392OUTGET /im.qq.com_new/de9c920b/img/guild-logo-1.c1c08300.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:50 UTC533INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:50 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 10520
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:49 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 48796c49-f474-4f83-b96a-cd4a43385200
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        2024-02-16 07:51:50 UTC10520INData Raw: PNG image data


                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                        93192.168.2.749831119.28.165.184437832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                        2024-02-16 07:51:49 UTC665OUTGET /im.qq.com_new/de9c920b/img/guild-4.cf504f86.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:50 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:50 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 53552
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:50 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 8a094721-b8e9-40e2-afc1-ebdcbd75579e
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        2024-02-16 07:51:50 UTC15914INData Raw: PNG image data
                                                                                                                                                                                                                        2024-02-16 07:51:50 UTC16384INData Raw: PNG image data (continued)
                                                                                                                                                                                                                        2024-02-16 07:51:50 UTC16384INData Raw: PNG image data (continued)
                                                                                                                                                                                                                        2024-02-16 07:51:50 UTC4870INData Raw: PNG image data (continued)


                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                        94192.168.2.749832129.226.107.1344432960C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                        2024-02-16 07:51:49 UTC1224OUTGET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069908611&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: ssl.ptlogin2.qq.com
Connection: Keep-Alive
Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:50 UTC | 297 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:51:50 GMT
Content-Type: application/javascript
Content-Length: 51
Connection: close
Cache-Control: no-cache, no-store, must-revalidate
Expires: -1
Pragma: no-cache
Server: Tencent Login Server/2.0.0
Strict-Transport-Security: max-age=31536000
2024-02-16 07:51:50 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.7 | 49828 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:50 UTC | 386 | OUT | GET /im.qq.com_new/de9c920b/img/page-1.9d39f9ad.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:50 UTC | 534 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:50 GMT
Content-Type: image/png
Content-Length: 186062
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:50 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 0d6b4c09-105b-4c20-a4d2-ba61cc483d12
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.7 | 49829 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:50 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/guild-2.bb8e2315.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:50 UTC | 533 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:50 GMT
Content-Type: image/png
Content-Length: 57081
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:50 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
X-NWS-LOG-UUID: 94e28402-7010-4f7e-9b4c-94677eb9b746
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.7 | 49834 | 129.226.103.123 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:50 UTC | 442 | OUT | GET /analytics/v2_upload?appkey=0WEB04SGH543EALS HTTP/1.1
Host: otheve.beacon.qq.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
2024-02-16 07:51:50 UTC | 542 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:51:50 GMT
Content-Type: text/plain
Content-Length: 32
Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
Connection: close
error-type: unsupport-type
Access-Control-Max-Age: 600
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:50 UTC | 32 | IN | Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.7 | 49833 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:50 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/guild-1.45f490cc.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:50 UTC | 573 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:50 GMT
Content-Type: image/png
Content-Length: 55620
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:50 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
X-NWS-LOG-UUID: da969d16-bb02-494d-9e84-23fe5663a471
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=3
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.7 | 49836 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:50 UTC | 386 | OUT | GET /im.qq.com_new/de9c920b/img/page-2.f6af1bfb.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:51 UTC | 575 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:51 GMT
Content-Type: image/png
Content-Length: 1168126
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:50 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: ef05cd17-07fb-4311-87c1-3d3393c24d3f
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=3
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.7 | 49835 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:50 UTC | 670 | OUT | GET /im.qq.com_new/de9c920b/img/guild-logo-4.2763deef.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:51 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:51 GMT
Content-Type: image/png
Content-Length: 11928
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:50 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 74b47690-db51-4fdc-843c-97aecaf8d0e5
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
101 | 192.168.2.7 | 49838 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:51 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/guild-4.cf504f86.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:52 UTC | 625 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:51 GMT
Content-Type: image/png
Content-Length: 53552
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:51 GMT
Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
X-NWS-UUID-VERIFY: bfc859265867bf97010bbc84b7145b6f
X-NWS-LOG-UUID: 0b5149fa-0617-4418-8beb-2506aefe72e7
Vary: Origin
X-Cache-Lookup: Hit From MemCache
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Inner Cluster
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
X-Cache-Lookup: Hit From Upstream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.7 | 49837 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:51 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/guild-5.fe6684a7.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:52 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:52 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 62227
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:51 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 87275fcf-812a-4c25-b7a4-415613081de2
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.7 | 49839 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:51 UTC | 670 | OUT | GET /im.qq.com_new/de9c920b/img/guild-logo-5.87d757fd.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:52 UTC | 469 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:52 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 9080
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:52 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: ac86a0b5-6f1d-4367-8b64-9dfcd9b184ee
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.7 | 49843 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:52 UTC | 667 | OUT | GET /im.qq.com_new/de9c920b/img/guild-5-1.cae9b87a.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:53 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:52 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 24909
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:52 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 720a01fa-6d63-4e5a-8d0f-8483a880c4d7
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.7 | 49841 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:52 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/guild-6.1dc4108f.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:53 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:52 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 47110
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:52 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: ad63c15d-7a54-463e-8821-03900dcff6f6
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.7 | 49842 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:52 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/guild-7.12c86460.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:53 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:52 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 59873
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:52 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: c0aeb5fe-c300-4992-b0ba-8809191f07d7
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        Data Ascii: !UxO*X{IEi]B^%MOGZn>5q`,l41k;7#p='6Xf2+X\MU%^!yQ&qlwHXLb$)pvmD`;~8h%~ag8dWCYX2M#Cr/sRtM8{E%2I'R5+tHR7


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.7 | 49840 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:52 UTC | 392 | OUT | GET /im.qq.com_new/de9c920b/img/guild-logo-4.2763deef.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:52 UTC | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:52 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 11928
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:52 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 1855853c-2013-4af4-8912-191b630a9081
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
108 | 192.168.2.7 | 49818 | 43.137.221.145 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:52 UTC | 728 | OUT | OPTIONS /collect?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1
                                                                                                                                                                                                                        Host: aegis.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Access-Control-Request-Method: POST
                                                                                                                                                                                                                        Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:54 UTC | 404 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:52 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: GET,POST,OPTIONS
                                                                                                                                                                                                                        Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization
                                                                                                                                                                                                                        Access-Control-Max-Age: 86400
                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
109 | 192.168.2.7 | 49844 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:52 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069911609&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:53 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:53 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:51:53 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
110 | 192.168.2.7 | 49845 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:53 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/guild-8.2357f6e0.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:53 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:53 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 78041
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:53 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 4c42ff34-d7c9-489e-a50c-fa65ab4f0c9b
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
111 | 192.168.2.7 | 49848 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:53 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/guild-5.fe6684a7.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:53 UTC | 573 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:53 GMT
Content-Type: image/png
Content-Length: 62227
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:53 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
X-NWS-LOG-UUID: ff4e9090-8a34-404e-9d55-b409f93d3646
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
112 | 192.168.2.7 | 49847 | 119.28.165.184 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:53 UTC | 666 | OUT | GET /im.qq.com_new/de9c920b/img/guild-11.dabd0e54.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:53 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:53 GMT
Content-Type: image/png
Content-Length: 64092
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:53 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
X-NWS-LOG-UUID: 28e9bb9d-f7d5-4dbd-8383-88e978395d05
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
113 | 192.168.2.7 | 49851 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:53 UTC | 671 | OUT | GET /im.qq.com_new/de9c920b/img/guild-logo-11.b87d994b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:54 UTC | 469 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:54 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 8572
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:53 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 036504b6-84d3-40d1-8a27-32a74f6586c3
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.7 | 49849 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:53 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-1.b1b04c2f.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:54 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:54 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 20188
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:53 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 382350f0-6137-4d9c-bc82-c6265226a23d
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.7 | 49850 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:53 UTC | 392 | OUT | GET /im.qq.com_new/de9c920b/img/guild-logo-5.87d757fd.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:54 UTC | 664 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:54 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 9080
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:53 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:32 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 6d3a9502178a5107b1e7300091ac27ba
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 99db2d3a-9de8-4352-9783-7bb8d529a36d
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        116 | 192.168.2.7 | 49852 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:53 UTC | 389 | OUT | GET /im.qq.com_new/de9c920b/img/guild-5-1.cae9b87a.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:54 UTC | 573 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:54 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 24909
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:53 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: f5ab4518-397a-4d0e-b7cf-821c5bb6dbeb
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        117 | 192.168.2.7 | 49846 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:53 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/guild-6.1dc4108f.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:54 UTC | 586 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:53 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 47110
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:53 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 2e25a7a6b5236d7c062685353662d1f2
                                                                                                                                                                                                                        X-NWS-LOG-UUID: bcf259e8-0814-4204-ba10-fed882311165
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        118 | 192.168.2.7 | 49853 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:53 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-2.3e3799e7.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:54 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:54 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 18401
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:54 GMT
                                                                                                                                                                                                                        Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: b485dcee-3581-43d8-b8e9-f5174f4e42d4
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


                                                                                                                                                                                                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                                                        119         192.168.2.7  49854        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                        2024-02-16 07:51:54 UTC  387                OUT        GET /im.qq.com_new/de9c920b/img/guild-7.12c86460.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:54 UTC  533                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:54 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 59873
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:53 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: d2af1ab8-9948-4f48-8c0f-0ec27b71da83
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


                                                                                                                                                                                                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                                                        120         192.168.2.7  49855        119.28.165.18    443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                        2024-02-16 07:51:54 UTC  668                OUT        GET /im.qq.com_new/de9c920b/img/ornament-3.2b846208.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:55 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:55 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 10792
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:54 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: a37ff8c1-04f2-41ff-8a32-429dbe3ff966
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


                                                                                                                                                                                                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                                                        121         192.168.2.7  49856        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                        2024-02-16 07:51:54 UTC  387                OUT        GET /im.qq.com_new/de9c920b/img/guild-8.2357f6e0.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:55 UTC  573                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:55 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 78041
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:54 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 75afaf76-f40b-414b-b7b0-80de014bb262
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.7 | 49857 | 119.28.165.184 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:54 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-4.8c005656.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:55 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:55 GMT
Content-Type: image/png
Content-Length: 10030
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:55 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 41666840-ad60-4b8e-8046-526212a0fcf7
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.7 | 49859 | 119.28.165.184 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:54 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-5.8836fb89.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:55 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:55 GMT
Content-Type: image/png
Content-Length: 15596
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:55 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: ea527f79-e9ef-4af5-8994-d07ef04503c8
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.7 | 49865 | 101.33.21.91 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:54 UTC | 537 | OUT | GET /sdk/4.5.16/beacon_web.min.js HTTP/1.1
Host: beacon.cdn.qq.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Referer: https://im.qq.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:55 UTC | 720 | IN | HTTP/1.1 200 OK
Last-Modified: Tue, 13 Dec 2022 14:47:32 GMT
Etag: "78ce85cf25b73a3e634dcbf283f5c4bd"
Content-Type: text/javascript
Date: Fri, 18 Aug 2023 03:03:04 GMT
Server: tencent-cos
x-cos-hash-crc64ecma: 5574060019002018929
x-cos-request-id: NjRkZWRmNjhfODhlM2MwYl80MmQ0XzVmYzY4MTc=
Content-Length: 31768
Accept-Ranges: bytes
X-NWS-LOG-UUID: 8476851308090688581
Connection: close
X-Cache-Lookup: Cache Hit
Access-Control-Allow-Credentials: true
Access-Control-Expose-Headers: *
Cache-Control: max-age=2592000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Vary: Origin


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.7 | 49861 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:54 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-6.1922815c.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:55 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:55 GMT
Content-Type: image/png
Content-Length: 19176
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:55 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: c9efc538-3835-4efb-9423-843d4ee91a7f
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
126 | 192.168.2.7 | 49862 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:54 UTC | 388 | OUT | GET /im.qq.com_new/de9c920b/img/guild-11.dabd0e54.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:55 UTC | 533 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:55 GMT
Content-Type: image/png
Content-Length: 64092
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:55 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
X-NWS-LOG-UUID: 8f028a8a-a886-41dc-bfe2-489709595c44
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
                                                                                                                                                                                                                        Data Ascii: bUbRDyG_~Qc?~N?|w};GKd>E)BfYiWR%D;f9[#&@RACi>fM$L)4E?v-vMcB,RwS+L{z=(Y_{gWq/wWwo\Jdi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
127 | 192.168.2.7 | 49863 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:55 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-7.c9b84e44.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:55 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:55 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 10613
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:55 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: a52a9490-d166-497b-83db-23bb42403067
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
128 | 192.168.2.7 | 49864 | 203.205.137.236 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:55 UTC | 718 | OUT | GET /cache/wuji/object?appid=tenvideo_offline_log&schemaid=whileList&schemakey=d5dccc35902346b2bdcbcef774fefe99&include=encryptValue%2Ctype%2CerrorCode%2Crate&filter=projectId%3D%2270201%22&otype=jsonp&callback=offline_log1 HTTP/1.1
                                                                                                                                                                                                                        Host: v.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: script
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:55 UTC | 647 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:55 GMT
                                                                                                                                                                                                                        Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                        Content-Length: 49
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: NWS_UGC_HY
                                                                                                                                                                                                                        Cache-Control: max-age=60
                                                                                                                                                                                                                        Expires: Fri, 16 Feb 2024 07:52:54 GMT
                                                                                                                                                                                                                        Last-Modified: Fri, 16 Feb 2024 07:51:00 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: bcf2301e-6cf5-48d2-b075-500be8add38e
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Client-Ip
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Server-Ip
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Upstream-Ip
                                                                                                                                                                                                                        Access-Control-Expose-Headers: Date
                                                                                                                                                                                                                        X-Client-Ip: 127.0.0.1
                                                                                                                                                                                                                        X-Server-Ip: 203.205.137.236
                                                                                                                                                                                                                        X-UA-Compatible: IE=Edge
                                                                                                                                                                                                                        Vary: Origin, Accept-Encoding
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
2024-02-16 07:51:55 UTC | 49 | IN | Data Raw: 6f 66 66 6c 69 6e 65 5f 6c 6f 67 31 28 7b 22 64 61 74 61 22 3a 5b 5d 2c 22 63 6f 64 65 22 3a 32 30 30 2c 22 76 65 72 73 69 6f 6e 22 3a 2d 31 7d 29
                                                                                                                                                                                                                        Data Ascii: offline_log1({"data":[],"code":200,"version":-1})


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
129 | 192.168.2.7 | 49781 | 116.148.161.158 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:55 UTC | 602 | OUT | GET /tencentvideo/txp/style/img/loading.png HTTP/1.1
                                                                                                                                                                                                                        Host: vm.gtimg.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.7 | 49867 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:55 UTC | 393 | OUT | GET /im.qq.com_new/de9c920b/img/guild-logo-11.b87d994b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:55 UTC | 664 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:55 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 8572
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:54 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: ff335922f8ce4d2b7fcc86b38a3514e4
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 09413405-a3dd-4de0-98cc-14c88d0048c8
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        131 | 192.168.2.7 | 49866 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:55 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-8.492bed09.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:55 UTC | 469 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:55 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 9918
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:55 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 25d42cc5-df9d-4bf7-bc4d-691e61519dc6
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        132 | 192.168.2.7 | 49858 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:55 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-1.b1b04c2f.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:55 UTC | 573 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:55 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 20188
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:54 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 6c942d7a-6670-4dae-a1df-2878f4f03e5e
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        133 | 192.168.2.7 | 49860 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:55 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-2.3e3799e7.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:55 UTC | 585 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:55 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 18401
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:54 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:32 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 20c21c581643deecc64d0f5a796861fd
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 6c0e7513-4029-43de-82eb-9c33ae752744
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
134 | 192.168.2.7 | 49825 | 43.137.221.145 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:55 UTC | 892 | OUT | GET /speed/performance?dnsLookup=0&tcp=0&ssl=0&ttfb=356&contentDownload=37&domParse=2235&resourceDownload=1070&firstScreenTiming=4583&id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1
                                                                                                                                                                                                                        Host: aegis.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:56 UTC | 134 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:56 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
135 | 192.168.2.7 | 49874 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:55 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069914610&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:56 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:56 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:51:56 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.7 | 49875 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:55 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-3.2b846208.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:56 UTC | 573 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:56 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 10792
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:55 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: d3b88db0-7e3f-464d-b253-ee5a4db85fa9
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137 | 192.168.2.7 | 49876 | 116.148.161.158 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:56 UTC | 602 | OUT | GET /tencentvideo/txp/style/img/loading.png HTTP/1.1
                                                                                                                                                                                                                        Host: vm.gtimg.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:56 UTC | 602 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Last-Modified: Fri, 10 Jun 2022 03:32:06 GMT
                                                                                                                                                                                                                        Etag: "2433529c29fafdafa32fca89b813c9e4bff69f57"
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Wed, 31 Jan 2024 04:14:18 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Ip: 11.140.21.66
                                                                                                                                                                                                                        x-cos-storage-class: STANDARD_IA
                                                                                                                                                                                                                        x-cos-hash-crc64ecma: 13442067596970513494
                                                                                                                                                                                                                        x-cos-object-type: normal
                                                                                                                                                                                                                        Content-Length: 4121
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 3670220960104734425
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Hit
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Client-Ip,X-Server-Ip,X-Upstream-Ip
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Client-Ip: 191.96.227.222
                                                                                                                                                                                                                        X-Server-IP: 116.148.161.177


                                                                                                                                                                                                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                                                        138         192.168.2.7  49868        129.226.106.210  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC  535                OUT        OPTIONS /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Access-Control-Request-Method: POST
                                                                                                                                                                                                                        Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC  648                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:56 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=c2bbdc3683944bb50b2159ec3e5051d6; Expires=Fri, 16-Feb-2024 08:21:56 GMT; Path=/
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC32INData Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


                                                                                                                                                                                                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                                                        139         192.168.2.7  49872        129.226.106.210  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC  535                OUT        OPTIONS /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Access-Control-Request-Method: POST
                                                                                                                                                                                                                        Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC  648                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:56 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=c43dd670e30560e0bc938b91e3755b0f; Expires=Fri, 16-Feb-2024 08:21:56 GMT; Path=/
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC32INData Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


                                                                                                                                                                                                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                                                        140         192.168.2.7  49871        129.226.106.210  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC  535                OUT        OPTIONS /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Access-Control-Request-Method: POST
                                                                                                                                                                                                                        Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC  648                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:56 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=83efa11e81cb097c956498f685944822; Expires=Fri, 16-Feb-2024 08:21:56 GMT; Path=/
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC32INData Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


                                                                                                                                                                                                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                                                        141         192.168.2.7  49869        129.226.106.210  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC  535                OUT        OPTIONS /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Access-Control-Request-Method: POST
                                                                                                                                                                                                                        Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC648INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:56 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=8d400027b1ee7035c63f041c753919ed; Expires=Fri, 16-Feb-2024 08:21:56 GMT; Path=/
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC32INData Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
142 | 192.168.2.7 | 49873 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:56 UTC | 535 | OUT | OPTIONS /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
Host: otheve.beacon.qq.com
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://im.qq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://im.qq.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:56 UTC | 648 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:51:56 GMT
Content-Type: text/plain
Content-Length: 32
Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
Connection: close
Set-Cookie: tgw_l7_route=749cf267ba203c3414461e8c77a9d42d; Expires=Fri, 16-Feb-2024 08:21:56 GMT; Path=/
error-type: unsupport-type
Access-Control-Max-Age: 600
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:56 UTC | 32 | IN | Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
143 | 192.168.2.7 | 49870 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:56 UTC | 535 | OUT | OPTIONS /analytics/v2_upload?appkey=0AND0F8T5N4N7QT0 HTTP/1.1
Host: otheve.beacon.qq.com
Connection: keep-alive
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://im.qq.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://im.qq.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:56 UTC | 648 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:51:56 GMT
Content-Type: text/plain
Content-Length: 32
Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
Connection: close
Set-Cookie: tgw_l7_route=ddff5fb28f93edf5a5177811ffaa9f1a; Expires=Fri, 16-Feb-2024 08:21:56 GMT; Path=/
error-type: unsupport-type
Access-Control-Max-Age: 600
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:56 UTC | 32 | IN | Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
144 | 192.168.2.7 | 49877 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:56 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-4.8c005656.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:56 UTC | 665 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:51:56 GMT
Content-Type: image/png
Content-Length: 10030
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:51:55 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-UUID-VERIFY: c7eb701453168e794aa3889fc94b48b0
X-NWS-LOG-UUID: d743033f-59eb-4886-ab0b-59e56f846204
Vary: Origin
X-Cache-Lookup: Hit From MemCache
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
X-Daa-Tunnel: hop_count=3
X-Cache-Lookup: Hit From Inner Cluster
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC | 10030 | IN | PNG image data


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        145 | 192.168.2.7 | 49878 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:56 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-5.8836fb89.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:56 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 15596
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:55 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: ffb102aa-e5d0-43f1-8a7d-707fade9e6d4
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 15596 | IN | PNG image data


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        146 | 192.168.2.7 | 49883 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 535 | OUT | OPTIONS /analytics/v2_upload?appkey=0AND0F8T5N4N7QT0 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Access-Control-Request-Method: POST
                                                                                                                                                                                                                        Access-Control-Request-Headers: content-type
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 648 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:57 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=b7a09d2af866e998371f5cdacfda4de3; Expires=Fri, 16-Feb-2024 08:21:57 GMT; Path=/
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 32 | IN | Data Ascii: {"error-type": "unsupport-type"}


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        147 | 192.168.2.7 | 49884 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 676 | OUT | POST /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 594
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept: application/json, text/plain, */*
                                                                                                                                                                                                                        Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC594OUTData Raw: 7b 22 61 70 70 56 65 72 73 69 6f 6e 22 3a 22 22 2c 22 73 64 6b 49 64 22 3a 22 6a 73 22 2c 22 73 64 6b 56 65 72 73 69 6f 6e 22 3a 22 34 2e 35 2e 31 36 2d 77 65 62 22 2c 22 6d 61 69 6e 41 70 70 4b 65 79 22 3a 22 30 57 45 42 30 51 45 4a 57 34 34 4b 57 35 41 35 22 2c 22 70 6c 61 74 66 6f 72 6d 49 64 22 3a 33 2c 22 63 6f 6d 6d 6f 6e 22 3a 7b 22 41 32 22 3a 22 6a 57 50 42 46 4d 44 34 63 64 34 4b 50 4d 42 58 53 63 57 77 7a 78 43 46 46 74 43 63 30 74 43 6d 22 2c 22 41 38 22 3a 22 22 2c 22 41 31 32 22 3a 22 65 6e 2d 55 53 22 2c 22 41 31 37 22 3a 22 31 32 38 30 2a 31 30 32 34 2a 31 22 2c 22 41 32 33 22 3a 22 22 2c 22 41 35 30 22 3a 22 22 2c 22 41 37 36 22 3a 22 30 57 45 42 30 51 45 4a 57 34 34 4b 57 35 41 35 5f 31 37 30 38 30 37 37 30 30 30 35 35 33 22 2c 22 41 31
                                                                                                                                                                                                                        Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.16-web","mainAppKey":"0WEB0QEJW44KW5A5","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0WEB0QEJW44KW5A5_1708077000553","A1
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 620 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:57 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 98
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=b2fdb5fd6c7302e090747e0c94600844; Expires=Fri, 16-Feb-2024 08:21:57 GMT; Path=/
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC98INData Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 31 39 31 2e 39 36 2e 32 32 37 2e 32 32 32 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 30 38 30 36 39 39 31 37 34 37 32 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d
                                                                                                                                                                                                                        Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069917472", "msg": "success"}


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        148 | 192.168.2.7 | 49881 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-6.1922815c.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 573 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:57 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 19176
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:57 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 369f4803-23b2-4eec-8f2a-05a6ffc93305
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 15811 | IN | Data: PNG image data
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 3365 | IN | Data: PNG image data (continued)


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        149 | 192.168.2.7 | 49882 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 676 | OUT | POST /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept: application/json, text/plain, */*
                                                                                                                                                                                                                        Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 580 | OUT | Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.16-web","mainAppKey":"0WEB0QEJW44KW5A5","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0WEB0QEJW44KW5A5_1708077000553","A1
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 620 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:57 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 98
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=8e7adca91cce03a789aff4f05cbd078c; Expires=Fri, 16-Feb-2024 08:21:57 GMT; Path=/
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC98INData Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 31 39 31 2e 39 36 2e 32 32 37 2e 32 32 32 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 30 38 30 36 39 39 31 37 34 35 34 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d
                                                                                                                                                                                                                        Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069917454", "msg": "success"}


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        150 | 192.168.2.7 | 49880 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-7.c9b84e44.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:57 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 10613
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:57 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 368c8ded-85cf-4af6-9447-c534ddf0b429
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 10613 | IN | Data: PNG image data


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        151 | 192.168.2.7 | 49887 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 677 | OUT | POST /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 1509
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept: application/json, text/plain, */*
                                                                                                                                                                                                                        Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 1509 | OUT | Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.16-web","mainAppKey":"0WEB0QEJW44KW5A5","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0WEB0QEJW44KW5A5_1708077000553","A1
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 620 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:57 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 98
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=a92a3d4eee7957b887888bd1559c68f3; Expires=Fri, 16-Feb-2024 08:21:57 GMT; Path=/
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 98 | IN | Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069917490", "msg": "success"}


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        152 | 192.168.2.7 | 49885 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 677 | OUT | POST /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 1509
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept: application/json, text/plain, */*
                                                                                                                                                                                                                        Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 1509 | OUT | Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.16-web","mainAppKey":"0WEB0QEJW44KW5A5","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0WEB0QEJW44KW5A5_1708077000553","A1
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 620 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:57 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 98
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=54e70ea73fd4c96dedd2e9f1563ac82c; Expires=Fri, 16-Feb-2024 08:21:57 GMT; Path=/
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 98 | IN | Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069917490", "msg": "success"}


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        153 | 192.168.2.7 | 49886 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 676 | OUT | POST /analytics/v2_upload?appkey=0AND0F8T5N4N7QT0 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 594
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept: application/json, text/plain, */*
                                                                                                                                                                                                                        Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 594 | OUT | Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.16-web","mainAppKey":"0AND0F8T5N4N7QT0","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0AND0F8T5N4N7QT0_1708077000555","A1
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 620 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:57 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 98
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=4d961e0e5d7bf831e0f0e948facbed0b; Expires=Fri, 16-Feb-2024 08:21:57 GMT; Path=/
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 98 | IN | Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069917476", "msg": "success"}


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        154 | 192.168.2.7 | 49879 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-8.492bed09.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:57 UTC | 532 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:57 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 9918
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:57 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: e271199b-5b79-4ac1-94b3-bf471a161b94
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
155 | 192.168.2.7 | 49889 | 42.177.83.63 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:57 UTC | 373 | OUT | GET /tencentvideo/txp/style/img/loading.png HTTP/1.1
                                                                                                                                                                                                                        Host: vm.gtimg.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:51:58 UTC | 601 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Last-Modified: Fri, 10 Jun 2022 03:32:06 GMT
                                                                                                                                                                                                                        Etag: "2433529c29fafdafa32fca89b813c9e4bff69f57"
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 22 Dec 2023 06:21:29 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Ip: 30.162.25.244
                                                                                                                                                                                                                        x-cos-storage-class: STANDARD_IA
                                                                                                                                                                                                                        x-cos-hash-crc64ecma: 13442067596970513494
                                                                                                                                                                                                                        x-cos-object-type: normal
                                                                                                                                                                                                                        Content-Length: 4121
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 17239733652417620012
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Hit
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Client-Ip,X-Server-Ip,X-Upstream-Ip
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Client-Ip: 191.96.227.222
                                                                                                                                                                                                                        X-Server-IP: 42.177.83.30


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
156 | 192.168.2.7 | 49892 | 129.226.103.123 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:58 UTC | 442 | OUT | GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
2024-02-16 07:51:58 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:58 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:58 UTC | 32 | IN | Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
157 | 192.168.2.7 | 49893 | 129.226.103.123 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:58 UTC | 442 | OUT | GET /analytics/v2_upload?appkey=0AND0F8T5N4N7QT0 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
2024-02-16 07:51:58 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:58 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:58 UTC | 32 | IN | Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
158 | 192.168.2.7 | 49888 | 43.137.221.145 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:58 UTC | 876 | OUT | POST /speed?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1
                                                                                                                                                                                                                        Host: aegis.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 1296
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydCpPom7FP8Rnyyk9
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:58 UTC  1296               OUT
                                                                                                                                                                                                                        Data Ascii: ------WebKitFormBoundarydCpPom7FP8Rnyyk9Content-Disposition: form-data; name="payload"{"duration":{"fetch":[],"static":[{"url":"https://beacon.cdn.qq.com/sdk/4.5.16/beacon_web.min.js","method":"get","duration":11045.9,"status":200,"type":"static","i
                                                                                                                                                                                                                        2024-02-16 07:51:59 UTC  134                IN         HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:58 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *


                                                                                                                                                                                                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                                                        159         192.168.2.7  49894        43.137.221.145   443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                        2024-02-16 07:51:58 UTC  875                OUT        POST /speed?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1
                                                                                                                                                                                                                        Host: aegis.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 692
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----WebKitFormBoundarykQMd4Ev0RKrxAESr
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:58 UTC  692                OUT
                                                                                                                                                                                                                        Data Ascii: ------WebKitFormBoundarykQMd4Ev0RKrxAESrContent-Disposition: form-data; name="payload"{"duration":{"fetch":[],"static":[{"url":"https://vm.gtimg.cn/tencentvideo/txp/style/img/loading.png","method":"get","duration":12599.6,"status":200,"type":"static
                                                                                                                                                                                                                        2024-02-16 07:51:59 UTC  134                IN         HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:58 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *


                                                                                                                                                                                                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                                                        160         192.168.2.7  49890        129.226.106.210  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                        2024-02-16 07:51:58 UTC  677                OUT        POST /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 1632
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept: application/json, text/plain, */*
                                                                                                                                                                                                                        Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:58 UTC  1632               OUT
                                                                                                                                                                                                                        Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.16-web","mainAppKey":"0WEB0QEJW44KW5A5","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0WEB0QEJW44KW5A5_1708077000553","A1
                                                                                                                                                                                                                        2024-02-16 07:51:59 UTC  620                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:58 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 98
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=52106fcd22995ff2046aa52ded550634; Expires=Fri, 16-Feb-2024 08:21:58 GMT; Path=/
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:51:59 UTC  98                 IN
                                                                                                                                                                                                                        Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069918998", "msg": "success"}


                                                                                                                                                                                                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                                                                        161         192.168.2.7  49891        129.226.106.210  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                                                                        2024-02-16 07:51:58 UTC  676                OUT        POST /analytics/v2_upload?appkey=0AND0F8T5N4N7QT0 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept: application/json, text/plain, */*
                                                                                                                                                                                                                        Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:51:58 UTC  580                OUT
                                                                                                                                                                                                                        Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.16-web","mainAppKey":"0AND0F8T5N4N7QT0","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0AND0F8T5N4N7QT0_1708077000555","A1
                                                                                                                                                                                                                        2024-02-16 07:51:59 UTC  620                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:59 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 98
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=0d8abcd973991220828a14d6958d8690; Expires=Fri, 16-Feb-2024 08:21:58 GMT; Path=/
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:51:59 UTC | 98 | IN | Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 31 39 31 2e 39 36 2e 32 32 37 2e 32 32 32 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 30 38 30 36 39 39 31 39 30 31 34 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d
                                                                                                                                                                                                                        Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069919014", "msg": "success"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
162 | 192.168.2.7 | 49895 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:58 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069917611&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:51:59 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:59 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:51:59 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
163 | 192.168.2.7 | 49896 | 129.226.103.123 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:59 UTC | 442 | OUT | GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
2024-02-16 07:52:00 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:51:59 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:52:00 UTC | 32 | IN | Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
164 | 192.168.2.7 | 49897 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:59 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-9.32e87ba4.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:00 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 14148
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:59 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 5080db34-9e61-4937-afff-4f7f5a592d23
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
165 | 192.168.2.7 | 49901 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:59 UTC | 669 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-10.fdbd43f2.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:00 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 10650
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:59 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 1cfd3352-5374-4b5e-a3db-5c23d19ddbfc
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-02-16 07:52:00 UTC | 10650 | IN | Data Raw: (PNG image data; hex dump omitted)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
166 | 192.168.2.7 | 49899 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:59 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/role-me.8d49096f.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:00 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 40507
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:59 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: b5edabd1-a189-43f3-88e9-38ffe57969da
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-02-16 07:52:00 UTC | 15914 | IN | Data Raw: (PNG image data; hex dump omitted)
2024-02-16 07:52:00 UTC | 16384 | IN | Data Raw: (PNG image data; hex dump omitted)
2024-02-16 07:52:00 UTC | 8209 | IN | Data Raw: (PNG image data; hex dump omitted)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
167 | 192.168.2.7 | 49902 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:59 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/role-yd.e89120ca.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:00 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 32253
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:59 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: bbe4a6de-4179-40d5-a72c-b759a1d6986c
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-02-16 07:52:00 UTC | 15914 | IN | Data Raw: (PNG image data; hex dump omitted)
2024-02-16 07:52:00 UTC | 16339 | IN | Data Raw: (PNG image data; hex dump omitted)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
168 | 192.168.2.7 | 49898 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:59 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/role-wz.c59f5aa3.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:00 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 33514
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:59 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: b6e1fdcf-7d96-4d13-a93b-0032b6c047f8
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
169 | 192.168.2.7 | 49900 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:59 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/role-gm.6afa3939.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:00 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:00 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 37338
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:51:59 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 667d8d4f-c630-4384-8c12-6d513fd15478
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
170 | 192.168.2.7 | 49903 | 129.226.103.123 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:51:59 UTC | 442 | OUT | GET /analytics/v2_upload?appkey=0AND0F8T5N4N7QT0 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
2024-02-16 07:52:00 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:00 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:52:00 UTC | 32 | IN | Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
171 | 192.168.2.7 | 49909 | 211.152.148.32 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:00 UTC | 553 | OUT | GET /web/im.qq.com/qq9_1080.mp4 HTTP/1.1
                                                                                                                                                                                                                        Host: static-res.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept-Encoding: identity;q=1, *;q=0
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: video
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Range: bytes=0-
2024-02-16 07:52:00 UTC | 488 | IN | HTTP/1.1 206 Partial Content
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:00 GMT
                                                                                                                                                                                                                        Content-Type: video/mp4
                                                                                                                                                                                                                        Content-Length: 7028214
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=600
                                                                                                                                                                                                                        Expires: Fri, 16 Feb 2024 08:02:00 GMT
                                                                                                                                                                                                                        Last-Modified: Tue, 19 Dec 2023 13:01:30 GMT
                                                                                                                                                                                                                        Content-Range: bytes 0-7028213/7028214
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 845c1d99-9013-499f-94f3-2a6cdeb66097
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
172 | 192.168.2.7 | 49908 | 211.152.148.32 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:00 UTC | 561 | OUT | GET /web/im.qq.com/qq9-introduction.mp4 HTTP/1.1
                                                                                                                                                                                                                        Host: static-res.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept-Encoding: identity;q=1, *;q=0
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: video
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Range: bytes=0-
2024-02-16 07:52:01 UTC | 553 | IN | HTTP/1.1 206 Partial Content
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:00 GMT
                                                                                                                                                                                                                        Content-Type: video/mp4
                                                                                                                                                                                                                        Content-Length: 24005058
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=600
                                                                                                                                                                                                                        Expires: Fri, 16 Feb 2024 08:02:00 GMT
                                                                                                                                                                                                                        Last-Modified: Tue, 19 Dec 2023 13:01:32 GMT
                                                                                                                                                                                                                        Content-Range: bytes 0-24005057/24005058
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 38f94113-45fc-4a8c-8c12-542f0258d4fb
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        Data Ascii: &qqrX66Ft+Z59TyMCMOm?LD5pKfR$IIr~,MVi8.k5\_mw%90=VI.1lg$UBe`=]O0\$@2$k0X&4n8W_dCB;-Bxl4$dRXbr
                                                                                                                                                                                                                        2024-02-16 07:52:01 UTC16384INData Raw: cd 2d 46 60 1e 1f 23 87 92 cc a8 95 4c 04 06 cf a0 8b 1a dd a0 cf e6 74 46 a3 a1 ca ed 92 86 e2 8c f7 60 a2 bf 00 9e 8b da dd 34 2e 8a fe 60 36 1f c4 06 e5 2c 76 9f bd 5a a1 62 d4 54 8d a2 3d f5 23 51 72 f7 29 c8 2d ef 3a 5d c0 81 bc fc 80 58 95 0f cd ee 33 e1 fe e2 29 6c e5 ae b2 79 b8 37 d6 82 f6 34 e6 a8 f4 d0 a5 11 4b 79 56 33 8f 5f 5b 45 54 bc 83 2c 8d 22 48 b9 a6 d2 45 02 df 3b d4 76 29 12 f8 69 48 a0 04 d4 42 81 d9 83 08 a4 a9 99 c8 38 02 22 7e ac 20 25 55 58 9d 52 3e ae 05 fd 9f 6c e9 8e fc 2c bb be c2 f1 a6 28 b7 89 6c de 06 ca a1 00 e0 33 e7 60 a6 f2 d7 1e 0a 0d d3 a7 a7 10 15 20 ec 16 0f d0 87 03 4a f3 1c 3d 6e 6b c3 ed 9e ab da 88 06 1f ac b0 7e f2 4f f0 7b d6 3f 88 5b 1f 3d 9f df 44 94 73 e3 3e 02 dc ab ed 38 2f 34 b1 95 da 1e 9f c9 99 c6 95
                                                                                                                                                                                                                        Data Ascii: -F`#LtF`4.`6,vZbT=#Qr)-:]X3)ly74KyV3_[ET,"HE;v)iHB8"~ %UXR>l,(l3` J=nk~O{?[=Ds>8/4
                                                                                                                                                                                                                        2024-02-16 07:52:01 UTC16384INData Raw: 6a 56 98 a1 69 45 2f 2a d3 df 83 4c 17 d9 34 1a 7c 30 e6 1d 83 77 c4 dd 56 7b e8 7c 86 77 03 1a e7 75 fe 19 f7 15 0f 16 87 50 40 f3 b5 bf 7a 3a 4a d4 a1 5b d8 e6 5d aa 84 19 b9 58 9c 9c b2 9f 5b f6 e8 79 c0 48 0c ca 95 a1 45 8e 8d c9 a2 ca 43 f3 65 f8 9a c3 d4 00 e5 8f d6 95 93 84 e9 6c e0 89 88 fc d8 83 c0 4d ea 3d a8 72 27 18 bb 32 b7 b2 70 9e 15 46 62 c6 eb 68 3c 75 2a 00 78 2c 12 37 d5 d8 ad ad 85 59 6f 21 b9 50 91 95 c4 b2 4f 50 7a 78 5c 8c 08 d0 c3 da 88 10 97 20 e6 52 2f 8a 3e 6d cb 10 78 17 44 9c 2e 08 f6 6e 2a 63 5d ac 98 ff ea c5 9f b1 c0 35 f7 08 2c 46 5e 4a 9f 1a d7 08 87 08 f5 84 d8 62 84 b3 ea 96 26 4f 31 97 4e 0f 1b 7b 89 67 03 e3 ba 17 5e cb ad a2 f3 23 4f c9 86 c1 ec bb 47 9f 25 88 6c 13 f9 a1 64 bd 12 99 8c b4 25 18 1b 0d 2d 25 84 49 bd
                                                                                                                                                                                                                        Data Ascii: jViE/*L4|0wV{|wuP@z:J[]X[yHECelM=r'2pFbh<u*x,7Yo!POPzx\ R/>mxD.n*c]5,F^Jb&O1N{g^#OG%ld%-%I
                                                                                                                                                                                                                        2024-02-16 07:52:01 UTC16384INData Raw: 55 02 47 4a 63 bb 6a f9 83 8b e6 34 2b 6b 3e 9f 8d 45 7e 39 90 69 ce 87 24 ec 7d ec 47 f3 1d a2 71 82 cd f9 00 4f bd 84 48 3f 9c 4c 20 15 00 00 e0 b0 02 61 25 6a 10 d8 5c 67 07 08 95 54 00 40 0e 83 b3 ea 9c 6b 90 00 14 75 f5 ef f0 94 9a 63 a3 5a 7b ee 43 bf 44 f8 92 48 03 6d e0 3f c0 8d 1b 45 8e 3f 48 6f fa fa 61 e1 3e 11 ae 56 85 5f cc 62 20 6a 87 3a 41 70 09 81 e8 00 2e 00 2d a4 02 bb 1b 00 02 e8 05 c5 a2 01 00 01 c0 00 00 02 a1 01 9e 40 b6 d1 0a 7f 08 8a b0 30 a9 c2 c0 4c 06 74 54 e8 d5 9e 42 60 63 15 f0 e4 08 f1 77 35 08 04 05 1f 68 e5 4d de 87 25 4c 5c 78 97 ae c0 76 3e 9f 1d 49 23 52 df e5 cd e1 4d 38 57 0d 8d 32 c3 95 3f 43 c5 11 8d fc 80 63 5b 3c 86 f6 df 55 46 9a 25 f6 a1 78 1f 5e c7 83 df 07 77 cd c1 6d 1e e2 8a a0 d1 0c 89 1b 79 b3 de ec bc 55
                                                                                                                                                                                                                        Data Ascii: UGJcj4+k>E~9i$}GqOH?L a%j\gT@kucZ{CDHm?E?Hoa>V_b j:Ap.-@0LtTB`cw5hM%L\xv>I#RM8W2?Cc[<UF%x^wmyU


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
173 | 192.168.2.7 | 49904 | 129.226.103.123 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:00 UTC | 442 | OUT | GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
Host: otheve.beacon.qq.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de

2024-02-16 07:52:01 UTC | 542 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:52:01 GMT
Content-Type: text/plain
Content-Length: 32
Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
Connection: close
error-type: unsupport-type
Access-Control-Max-Age: 600
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: x-requested-with,content-type

2024-02-16 07:52:01 UTC | 32 | IN | Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
174 | 192.168.2.7 | 49905 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:00 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/role-ql.44e6743e.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

2024-02-16 07:52:01 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:01 GMT
Content-Type: image/png
Content-Length: 34850
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:01 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 39cb701f-4a44-4d46-91c1-93985283707b
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
175 | 192.168.2.7 | 49911 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:00 UTC | 391 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-10.fdbd43f2.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

2024-02-16 07:52:01 UTC | 533 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:01 GMT
Content-Type: image/png
Content-Length: 10650
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:01 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 8375ed0c-cbdb-4591-a1cd-d5356e01f785
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-02-16 07:52:01 UTC | 10650 | IN | Data Raw: [binary data]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
176 | 192.168.2.7 | 49914 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:00 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/role-xx.0c154e87.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:01 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:01 GMT
Content-Type: image/png
Content-Length: 35304
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:01 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 7429b45c-e054-4180-bf86-adc8f75398f7
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes
2024-02-16 07:52:01 UTC | 15914 | IN | Data Raw: [binary data]
2024-02-16 07:52:01 UTC | 16384 | IN | Data Raw: [binary data]
2024-02-16 07:52:01 UTC | 3006 | IN | Data Raw: [binary data]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
177 | 192.168.2.7 | 49910 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:00 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-9.32e87ba4.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:01 UTC | 533 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:01 GMT
Content-Type: image/png
Content-Length: 14148
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:01 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 2363e3c6-0310-4670-b4e9-aa9252b633f6
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
2024-02-16 07:52:01 UTC | 14148 | IN | Data Raw: [binary data]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
178 | 192.168.2.7 | 49913 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:00 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/role-jy.26b790ff.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:01 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:01 GMT
Content-Type: image/png
Content-Length: 35833
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:01 GMT
Last-Modified: Wed, 31 Jan 2024 08:12:33 GMT
X-NWS-LOG-UUID: cca1247a-29d4-4908-a204-5e171965ebc1
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
179 | 192.168.2.7 | 49912 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:00 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/role-sd.a5b9101b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:01 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:01 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 35683
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:01 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 15329da9-e96b-4a44-81bf-3c1dde52bf1c
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
180 | 192.168.2.7 | 49918 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:01 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/role-me.8d49096f.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:01 UTC | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:01 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 40507
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:01 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: fee5f505-677e-498e-a62b-0c4f316c8390
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
181 | 192.168.2.7 | 49906 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:01 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/room-1.25daaddf.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:01 UTC470INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:01 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 50879
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:01 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: af6a2d4d-0e64-4cd0-9d12-f0c297b64975
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
182 | 192.168.2.7 | 49907 | 119.28.165.184 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:01 UTC | 635 | OUT | GET /im.qq.com_new/de9c920b/img/bg.252a624b.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
Origin: https://im.qq.com
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: image
Referer: https://im.qq.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:01 UTC | 472 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:01 GMT
Content-Type: image/png
Content-Length: 793290
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:01 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
X-NWS-LOG-UUID: 2a9b400d-cce3-431f-ae45-6d27d8c9347f
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
183 | 192.168.2.7 | 49915 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:01 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/room-2.47e8b6d6.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:01 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:01 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 57652
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:01 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:33 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: d7d24cfc-0663-4b34-a19f-eb2261341a11
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
184 | 192.168.2.7 | 49916 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:01 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/role-yd.e89120ca.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:01 UTC | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:01 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 32253
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:01 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 1a4a2a6d-e7a2-44c7-8b90-121879a1b27e
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
185 | 192.168.2.7 | 49917 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:01 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/role-wz.c59f5aa3.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:01 UTC | 665 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:01 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 33514
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:00 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 80f6843e2916d26311f0137129aefb39
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 2676e086-d557-40fe-9f24-8bdebb3eaab5
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
186 | 192.168.2.7 | 49919 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:01 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/role-gm.6afa3939.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:01 UTC | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:01 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 37338
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:00 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 10720de9bf77ee921a43a2ad60aa9519
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 14eec8ae-bc8b-41f1-97df-d69fa363e2c0
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
187 | 192.168.2.7 | 49921 | 129.226.103.123 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:02 UTC | 442 | OUT | GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
2024-02-16 07:52:02 UTC | 542 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:02 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:52:02 UTC | 32 | IN | Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
188 | 192.168.2.7 | 49920 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:02 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069920609&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:02 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:02 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:02 UTC  51  IN  Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
189  192.168.2.7  49925  119.28.165.18  443  7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-16 07:52:02 UTC  664  OUT  GET /im.qq.com_new/de9c920b/img/room-3.13d69f7b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:02 UTC  470  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:02 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 51873
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:02 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: fe3221b7-6ae8-4661-96ac-3af84fa797b1
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
190  192.168.2.7  49922  129.226.106.210  443  7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-16 07:52:02 UTC  677  OUT  POST /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 1641
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept: application/json, text/plain, */*
                                                                                                                                                                                                                        Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:02 UTC  1641  OUT  Data Raw: 7b 22 61 70 70 56 65 72 73 69 6f 6e 22 3a 22 22 2c 22 73 64 6b 49 64 22 3a 22 6a 73 22 2c 22 73 64 6b 56 65 72 73 69 6f 6e 22 3a 22 34 2e 35 2e 31 36 2d 77 65 62 22 2c 22 6d 61 69 6e 41 70 70 4b 65 79 22 3a 22 30 57 45 42 30 51 45 4a 57 34 34 4b 57 35 41 35 22 2c 22 70 6c 61 74 66 6f 72 6d 49 64 22 3a 33 2c 22 63 6f 6d 6d 6f 6e 22 3a 7b 22 41 32 22 3a 22 6a 57 50 42 46 4d 44 34 63 64 34 4b 50 4d 42 58 53 63 57 77 7a 78 43 46 46 74 43 63 30 74 43 6d 22 2c 22 41 38 22 3a 22 22 2c 22 41 31 32 22 3a 22 65 6e 2d 55 53 22 2c 22 41 31 37 22 3a 22 31 32 38 30 2a 31 30 32 34 2a 31 22 2c 22 41 32 33 22 3a 22 22 2c 22 41 35 30 22 3a 22 22 2c 22 41 37 36 22 3a 22 30 57 45 42 30 51 45 4a 57 34 34 4b 57 35 41 35 5f 31 37 30 38 30 37 37 30 30 30 35 35 33 22 2c 22 41 31
                                                                                                                                                                                                                        Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.16-web","mainAppKey":"0WEB0QEJW44KW5A5","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0WEB0QEJW44KW5A5_1708077000553","A1
2024-02-16 07:52:02 UTC  620  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:02 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 98
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=f6a2aa30dd5f73eaec373d90a436d694; Expires=Fri, 16-Feb-2024 08:22:02 GMT; Path=/
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:52:02 UTC  98  IN  Data Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 31 39 31 2e 39 36 2e 32 32 37 2e 32 32 32 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 30 38 30 36 39 39 32 32 37 38 33 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d
                                                                                                                                                                                                                        Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069922783", "msg": "success"}


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
191  192.168.2.7  49924  119.28.165.18  443  7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-16 07:52:02 UTC  664  OUT  GET /im.qq.com_new/de9c920b/img/room-4.4a2b7aa6.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:02 UTC  470  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:02 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 64325
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:02 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 00d6818f-40c2-4ec3-8e79-0610f61989a9
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        192 | 192.168.2.7 | 49923 | 129.226.106.210 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:52:02 UTC | 677 | OUT | POST /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 1518
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        Accept: application/json, text/plain, */*
                                                                                                                                                                                                                        Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:02 UTC1518OUTData Raw: 7b 22 61 70 70 56 65 72 73 69 6f 6e 22 3a 22 22 2c 22 73 64 6b 49 64 22 3a 22 6a 73 22 2c 22 73 64 6b 56 65 72 73 69 6f 6e 22 3a 22 34 2e 35 2e 31 36 2d 77 65 62 22 2c 22 6d 61 69 6e 41 70 70 4b 65 79 22 3a 22 30 57 45 42 30 51 45 4a 57 34 34 4b 57 35 41 35 22 2c 22 70 6c 61 74 66 6f 72 6d 49 64 22 3a 33 2c 22 63 6f 6d 6d 6f 6e 22 3a 7b 22 41 32 22 3a 22 6a 57 50 42 46 4d 44 34 63 64 34 4b 50 4d 42 58 53 63 57 77 7a 78 43 46 46 74 43 63 30 74 43 6d 22 2c 22 41 38 22 3a 22 22 2c 22 41 31 32 22 3a 22 65 6e 2d 55 53 22 2c 22 41 31 37 22 3a 22 31 32 38 30 2a 31 30 32 34 2a 31 22 2c 22 41 32 33 22 3a 22 22 2c 22 41 35 30 22 3a 22 22 2c 22 41 37 36 22 3a 22 30 57 45 42 30 51 45 4a 57 34 34 4b 57 35 41 35 5f 31 37 30 38 30 37 37 30 30 30 35 35 33 22 2c 22 41 31
                                                                                                                                                                                                                        Data Ascii: {"appVersion":"","sdkId":"js","sdkVersion":"4.5.16-web","mainAppKey":"0WEB0QEJW44KW5A5","platformId":3,"common":{"A2":"jWPBFMD4cd4KPMBXScWwzxCFFtCc0tCm","A8":"","A12":"en-US","A17":"1280*1024*1","A23":"","A50":"","A76":"0WEB0QEJW44KW5A5_1708077000553","A1
                                                                                                                                                                                                                        2024-02-16 07:52:02 UTC | 620 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:02 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 98
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Set-Cookie: tgw_l7_route=64bbc7f0a05b23ca28d2ac80952749ab; Expires=Fri, 16-Feb-2024 08:22:02 GMT; Path=/
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:52:02 UTC98INData Raw: 7b 22 72 65 73 75 6c 74 22 3a 20 32 30 30 2c 20 22 73 72 63 47 61 74 65 77 61 79 49 70 22 3a 20 22 31 39 31 2e 39 36 2e 32 32 37 2e 32 32 32 22 2c 20 22 73 65 72 76 65 72 54 69 6d 65 22 3a 20 22 31 37 30 38 30 36 39 39 32 32 38 33 36 22 2c 20 22 6d 73 67 22 3a 20 22 73 75 63 63 65 73 73 22 7d
                                                                                                                                                                                                                        Data Ascii: {"result": 200, "srcGatewayIp": "191.96.227.222", "serverTime": "1708069922836", "msg": "success"}


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        193 | 192.168.2.7 | 49928 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:52:02 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/room-5.497658cf.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:02 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:02 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 53918
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:02 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 2b1eb6be-45e5-4e9d-bbf8-25f23e598761
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
194         192.168.2.7  49927        119.28.165.18   443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-16 07:52:02 UTC  664  OUT  GET /im.qq.com_new/de9c920b/img/room-6.7bfb07b7.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:02 UTC  470  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:02 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 81200
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:02 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 005b87d1-91fc-4297-ab42-68e657bc7de2
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
195         192.168.2.7  49930        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-16 07:52:02 UTC  387  OUT  GET /im.qq.com_new/de9c920b/img/role-ql.44e6743e.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:02 UTC  533  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:02 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 34850
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:01 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 3bc52791-1a2f-4042-91dd-6edc40534811
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
196         192.168.2.7  49929        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-16 07:52:02 UTC  387  OUT  GET /im.qq.com_new/de9c920b/img/role-xx.0c154e87.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:02 UTC  533  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:02 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 35304
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:01 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: b3f65e07-d6ca-4c59-b836-d47425d21907
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
197 | 192.168.2.7 | 49926 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:02 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/room-7.814d1434.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:02 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:02 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 64395
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:02 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:33 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 2cda27e5-e83a-4c62-9798-44edbf2af790
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
198 | 192.168.2.7 | 49933 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:02 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/role-jy.26b790ff.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:03 UTC | 665 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:02 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 35833
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:02 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:33 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 53f032d988b7384bbb92912c8f54483a
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 24317a17-1f30-4003-8545-f18b3eda7111
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
199 | 192.168.2.7 | 49934 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:02 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/room-8.c0d3424b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:03 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:03 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 58441
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:02 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:33 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 3ad3bce8-c805-4d21-858a-fb5ad13264da
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
200 | 192.168.2.7 | 49935 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:02 UTC | 386 | OUT | GET /im.qq.com_new/de9c920b/img/room-1.25daaddf.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:03 UTC | 626 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:03 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 50879
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:02 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:33 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: c9fe5ce2aed2e18ec36b3d825fcba485
                                                                                                                                                                                                                        X-NWS-LOG-UUID: d71359c8-fe3b-4ecd-8292-b24f77d1e8df
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
201 | 192.168.2.7 | 49931 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:03 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/role-sd.a5b9101b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:03 UTC | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:03 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 35683
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:02 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 530e33fe-de40-4e03-a3b7-80c73baa67c0
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
202 | 192.168.2.7 | 49932 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:03 UTC | 386 | OUT | GET /im.qq.com_new/de9c920b/img/room-2.47e8b6d6.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:03 UTC | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:03 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 57652
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:03 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 46d09b84-8b45-49e5-afdc-0832c52db12e
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
203 | 192.168.2.7 | 49936 | 43.137.221.145 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:03 UTC | 875 | OUT | POST /speed?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1
                                                                                                                                                                                                                        Host: aegis.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Content-Length: 699
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Content-Type: multipart/form-data; boundary=----WebKitFormBoundary8xWtlQCSzmDWMJDM
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Origin: https://im.qq.com
                                                                                                                                                                                                                        Sec-Fetch-Site: same-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:03 UTC | 699 | OUT | Data Ascii: ------WebKitFormBoundary8xWtlQCSzmDWMJDMContent-Disposition: form-data; name="payload"{"duration":{"fetch":[],"static":[{"url":"https://static-res.qq.com/web/im.qq.com/qq9_1080.mp4","method":"get","duration":16899.5,"status":200,"type":"static","isH
2024-02-16 07:52:03 UTC | 134 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:03 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
204 | 192.168.2.7 | 49937 | 129.226.103.123 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:03 UTC | 442 | OUT | GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
                                                                                                                                                                                                                        2024-02-16 07:52:03 UTC542INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:03 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
                                                                                                                                                                                                                        2024-02-16 07:52:03 UTC32INData Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                                                                                                                                                                                        Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
205 | 192.168.2.7 | 49938 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:03 UTC | 382 | OUT | GET /im.qq.com_new/de9c920b/img/bg.252a624b.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:04 UTC | 534 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:04 GMT
Content-Type: image/png
Content-Length: 793290
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:03 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
X-NWS-LOG-UUID: b33dce26-0711-4650-b9b8-7aa219513ab3
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
206 | 192.168.2.7 | 49941 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:03 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/room-9.348ed857.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:04 UTC | 471 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:04 GMT
Content-Type: image/png
Content-Length: 71635
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:04 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: b93f2336-2eba-4f07-9cd9-045573b724f1
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
207 | 192.168.2.7 | 49943 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:03 UTC | 386 | OUT | GET /im.qq.com_new/de9c920b/img/room-4.4a2b7aa6.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:04 UTC | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:04 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 64325
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:04 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 8638c45b-a285-41ae-a558-76d1ec3d8d5c
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
208 | 192.168.2.7 | 49944 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:03 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/room-10.de84dd3b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:04 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:04 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 55588
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:04 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: b7a6faca-9023-4654-9280-7a2bc1947afe
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        209 | 192.168.2.7 | 49940 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:52:03 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/room-11.1e3d5127.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:04 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:04 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 50531
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:04 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: dd1bdb21-b74e-43f2-960a-1c9820bcffa1
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        210 | 192.168.2.7 | 49946 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:52:03 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/room-12.a1354ef0.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:04 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:04 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 53795
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:04 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 649f2dbc-48cf-4ceb-b422-2851f3313a34
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
211 | 192.168.2.7 | 49945 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:03 UTC | 665 | OUT | GET /im.qq.com_new/de9c920b/img/room-13.5bb4e455.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:04 UTC | 471 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:04 GMT
Content-Type: image/png
Content-Length: 52214
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:04 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 421d1500-ea19-4197-be26-49fd8bf8d78b
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
212 | 192.168.2.7 | 49939 | 129.226.102.234 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:03 UTC | 785 | OUT | GET /kv?attaid=05700050920&token=3619167286&topUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&pageUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&domain=im.qq.com&channel=0&from=2&version=1.15.2&platform=&kernel=origin&_dc=0.5179496214337087 HTTP/1.1
Host: h.trace.qq.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://im.qq.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:04 UTC | 139 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:52:04 GMT
Content-Type: image/gif
Content-Length: 2
Connection: close
Server: Trpc httpd
2024-02-16 07:52:04 UTC | 2 | IN | Data Raw: 0d 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
213 | 192.168.2.7 | 49948 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:04 UTC | 670 | OUT | GET /im.qq.com_new/de9c920b/img/user-profile.a6a93e4d.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:04 UTC | 472 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:04 GMT
Content-Type: image/png
Content-Length: 500143
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:04 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: a21673e9-52d0-4a27-9861-3e27f0a8bbe9
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
                                                                                                                                                                                                                        Data Ascii: LklVCy'EJ6zXlX6%4w&#AP(QR#hI#J|Q4H[aW"0&"zf$q(A5TGzNr}S52X>AwN irgSW?J=cs}I7vdcV@l)F] }gWqEP2wLbY(Jei
                                                                                                                                                                                                                        2024-02-16 07:52:05 UTC16384INData Raw: 97 4d 2e 1e 3f a5 73 f9 36 2d ef be 58 6d cc 1a 79 78 f9 ba 7e dd 65 77 f2 ed f5 ef ac ba f7 87 9b 2b 5a 0e 77 5e c7 03 92 20 4a 11 bd fb 0b 4d df 25 f9 40 c7 5b 3c 4b 2e 42 33 3c b2 30 dc 8b 98 96 53 fd f1 f0 64 fa a4 77 75 b0 09 64 0f 3d 73 2e 68 f9 be c1 64 42 04 88 4d 13 c3 0f 4f 60 d0 fd a8 61 d9 8d 0e 7a 20 f9 49 33 a3 6e fa 60 d2 20 6f 10 53 5e 17 9c 2a b5 42 77 87 d5 41 ab f2 5c 0e d2 df 35 a7 70 bd de df be a3 eb bb 0b da cb d7 eb b3 c7 ed 73 aa bb d5 79 bb fd 9a ae e5 82 ea 5c ef 56 93 8a 23 b9 6b 08 b0 5c 91 94 41 74 8d ca af 72 7a 7a 55 a3 f6 75 c0 db 1d d3 72 2a 88 2c ab 2e 38 9c 24 fc fe 6b 26 79 8f 4e 1b 8b d6 d4 79 23 45 08 bb 60 83 93 25 1b 4a 27 3f 1d 3a f0 d8 1a 80 07 e0 c6 08 86 b1 38 8f c2 99 bd 05 ce 15 fb 01 9b fc 40 25 ca f1 1f 7c
                                                                                                                                                                                                                        Data Ascii: M.?s6-Xmyx~ew+Zw^ JM%@[<K.B3<0Sdwud=s.hdBMO`az I3n` oS^*BwA\5psy\V#k\AtrzzUur*,.8$k&yNy#E`%J'?:8@%|
                                                                                                                                                                                                                        2024-02-16 07:52:05 UTC16384INData Raw: 23 5c 61 ed 86 e1 5f eb f3 53 b9 24 61 66 54 b9 6c 03 18 a5 f1 ae 6c 07 8c 03 28 44 b7 b6 c8 69 d4 8c 14 ef ec ec 1e dc bb 7b c7 1e 16 e9 4c de 64 d6 34 1e b8 86 a3 9c 4c 86 ee 00 96 b7 df 2f 77 1a 37 73 c3 1f f9 66 92 d6 08 4e 1a 23 3d dc cc cc 9f 59 6b cd c6 56 79 69 b0 c8 4b 5c af 2e f8 27 2d f2 cd 42 73 5d 91 13 bb 6b fa b8 12 45 7a 5c 9a f7 fd 3c 7b 9c d0 f6 1d c6 37 b3 3e c1 cc 0a 85 8c 11 f8 22 3c c1 af 00 b1 b8 d3 27 95 bf 9e 66 19 53 70 ef 17 78 02 8b d9 5d ab de f2 60 30 74 40 e7 08 9f 63 e5 46 df bf d9 98 f8 b0 0f 63 21 48 fb 28 70 20 3b 42 49 1f 51 29 61 aa 0a 56 14 46 b2 e2 1d 8d 51 c5 e2 c1 51 6c 4e 6f 45 45 86 18 5d 60 b8 3c 80 20 ee 6e 28 32 a5 ad 05 84 5d d7 a9 1e 23 d8 6b ec 42 d8 ba 29 b0 71 a7 12 3b 97 97 23 19 f2 6f 63 fa 6b 66 16 d4
                                                                                                                                                                                                                        Data Ascii: #\a_S$afTll(Di{Ld4L/w7sfN#=YkVyiK\.'-Bs]kEz\<{7>"<'fSpx]`0t@cFc!H(p ;BIQ)aVFQQlNoEE]`< n(2]#kB)q;#ockf
                                                                                                                                                                                                                        2024-02-16 07:52:05 UTC16384INData Raw: 93 b7 d3 a3 d0 bc a0 3a 06 4f 5f 7c 57 c5 6b a7 e2 a1 10 9b a9 75 53 d6 05 e0 d4 5f 2f 0d 78 53 94 78 7b 8a e6 52 a1 72 b6 4e 6e 51 d9 68 5b b0 12 53 77 70 44 83 44 07 8e 03 08 66 55 f2 d6 de 29 cd 57 6a f2 6d 23 6c 1f b5 59 6d e1 99 67 9e 83 db 46 a5 7f 78 f5 18 de f6 71 6f 83 4f ff 8c 4f 87 ab d7 af c2 76 65 24 86 06 bc b3 7d d3 e9 e9 09 e0 ba 83 19 d3 d2 50 23 07 85 d1 f1 27 28 d1 a7 ac 29 53 a6 55 89 6e 15 23 8e 05 9c 10 f7 3e 10 98 29 c1 63 77 fd e3 c2 21 ed c8 bc cb f4 7e 27 94 a6 69 0d 95 72 19 2a 8e c2 29 d9 8c c3 5c 3e f4 24 f0 23 15 0b 73 7c 07 3a 3e b5 1e 44 29 c8 33 45 b4 c7 57 61 ff da 4d d9 c8 26 f4 c1 73 48 2f 25 04 0a 3c 3d 56 55 0d 80 07 f4 72 43 50 e4 8d f6 71 bc d2 d2 e7 19 f1 04 a9 b6 46 34 4e a8 07 91 a5 8e 0b e8 f8 c4 f1 39 5f 27 e9
                                                                                                                                                                                                                        Data Ascii: :O_|WkuS_/xSx{RrNnQh[SwpDDfU)Wjm#lYmgFxqoOOve$}P#'()SUn#>)cw!~'ir*)\>$#s|:>D)3EWaM&sH/%<=VUrCPqF4N9_'
                                                                                                                                                                                                                        2024-02-16 07:52:05 UTC16384INData Raw: 67 f4 e2 7e f3 37 7f b3 80 c7 cb 02 42 0e 6c e3 c7 a7 a2 f9 34 f4 db df fe f6 a0 aa 65 75 2a 83 64 56 19 4f 0d 0c 82 59 fd cd 6a 58 06 9b 9c 96 db ce aa 74 b6 53 f4 92 39 06 7d ec ea c5 ab 36 bd 8b 19 76 61 c3 6a e5 4f f8 84 4f 10 90 ca 36 87 3e f0 69 60 b6 79 f4 81 0f f2 30 80 d3 e0 9b cb 60 30 37 14 bc 54 91 eb c5 9b 02 06 80 fc 9b a5 a3 6c 5f c8 27 c5 59 b2 e9 6d 18 87 54 f8 ac 5e 7e e2 89 27 e4 73 97 7e da 25 34 2c 65 41 ec 9f 78 24 7f 02 33 c6 25 a5 de 4c f6 73 68 0f 57 34 5e a2 8f 3d 36 aa 02 f5 be 97 f9 24 f5 3e ed 37 a7 59 00 0f 11 95 c4 04 06 f9 6e b5 04 4b db 62 ca 54 93 94 79 86 c8 da 93 42 dd 08 20 29 7b e6 d9 3a 16 d3 c4 7a d0 40 ed 93 b8 49 03 4a cf aa 0c 0c 72 98 a3 35 c3 41 02 4a 39 10 86 e1 8e 25 0d de ab 95 4a 9f f5 6c f6 28 ad 63 93 82
                                                                                                                                                                                                                        Data Ascii: g~7Bl4eu*dVOYjXtS9}6vajOO6>i`y0`07Tl_'YmT^~'s~%4,eAx$3%LshW4^=6$>7YnKbTyB ){:z@IJr5AJ9%Jl(c
                                                                                                                                                                                                                        2024-02-16 07:52:05 UTC16384INData Raw: a0 a3 95 f4 7e 27 e2 0e 38 27 d9 3b 41 86 b2 54 1f e0 c3 91 47 83 86 12 ed eb 8e ec 45 db e9 79 cb 85 83 28 49 c7 79 d3 12 55 a2 11 77 1c c8 fc 24 a5 c1 62 f8 94 7c c9 86 07 73 2f 9b 4a 59 a4 e4 2a 80 d1 c8 1c dc 2a 96 42 1a bb 09 c5 7a 51 02 e6 ea d3 60 88 f6 b3 0b 33 d3 48 4d 39 a0 d5 23 c8 a1 8c f9 28 49 8a 97 ab 61 df a4 2d b4 69 de cb 66 ac 1b 15 84 ba 60 d6 4a 97 98 df 52 1b 70 6a de 16 ce 8d 79 6b 29 e2 a4 92 89 8e d7 47 e2 99 33 a2 49 09 a5 4a b6 d6 6d 7e d7 13 b4 7d 75 39 71 f5 17 aa 45 92 3e 43 aa 84 27 be cd 06 fa 75 07 00 67 a9 0b 65 e9 fb f3 57 a1 46 55 c6 5a d5 c9 fd f6 f7 46 c1 88 45 5b cc 76 0e 4f bc 72 d9 95 e1 55 1d da 25 c0 f4 f7 c5 c5 e0 fc ed 5c a2 5b b0 60 6d aa 2e 3f 15 b0 9d 53 bb b0 46 6d 93 1a 18 1b 69 eb bc a7 8f 8d 38 98 61 f2
                                                                                                                                                                                                                        Data Ascii: ~'8';ATGEy(IyUw$b|s/JY**BzQ`3HM9#(Ia-if`JRpjyk)G3IJm~}u9qE>C'ugeWFUZFE[vOrU%\[`m.?SFmi8a


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
214 | 192.168.2.7 | 49951 | 129.226.103.123 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:04 UTC | 442 | OUT | GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
Host: otheve.beacon.qq.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
2024-02-16 07:52:05 UTC | 542 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:52:04 GMT
Content-Type: text/plain
Content-Length: 32
Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
Connection: close
error-type: unsupport-type
Access-Control-Max-Age: 600
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST
Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:52:05 UTC | 32 | IN | Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
Data Ascii: {"error-type": "unsupport-type"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
215 | 192.168.2.7 | 49942 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:04 UTC | 386 | OUT | GET /im.qq.com_new/de9c920b/img/room-3.13d69f7b.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:05 UTC | 533 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:05 GMT
Content-Type: image/png
Content-Length: 51873
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:04 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 31fba7cb-3bca-4450-a4de-6578a6569ca7
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                        216192.168.2.749947203.205.137.1394437832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                        2024-02-16 07:52:04 UTC386OUTGET /im.qq.com_new/de9c920b/img/room-6.7bfb07b7.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:04 UTC | 573 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:04 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 81200
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:03 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 7213271f-67fd-464b-b4bc-50c6d7e39e85
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        217 | 192.168.2.7 | 49949 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:52:04 UTC | 386 | OUT | GET /im.qq.com_new/de9c920b/img/room-7.814d1434.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:05 UTC | 666 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:05 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 64395
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:04 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:33 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 2201ccc2c3e9898faee175aa2e7e0ade
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 69fcb7b2-6698-4ba9-9942-f66a6acb53c1
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        218 | 192.168.2.7 | 49953 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:52:04 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069923625&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
                                                                                                                                                                                                                        2024-02-16 07:52:05 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:05 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                        2024-02-16 07:52:05 UTC51INData Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
219 | 192.168.2.7 | 49950 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:05 UTC | 386 | OUT | GET /im.qq.com_new/de9c920b/img/room-5.497658cf.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:05 UTC | 533 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:05 GMT
Content-Type: image/png
Content-Length: 53918
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:04 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 5e379951-09e9-43d1-b44e-201a1282248a
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
220 | 192.168.2.7 | 49954 | 129.226.102.234 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:05 UTC | 557 | OUT | GET /kv?attaid=05700050920&token=3619167286&topUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&pageUrl=https%3A%2F%2Fim.qq.com%2Findex%2F&domain=im.qq.com&channel=0&from=2&version=1.15.2&platform=&kernel=origin&_dc=0.5179496214337087 HTTP/1.1
Host: h.trace.qq.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:05 UTC | 139 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:52:05 GMT
Content-Type: image/gif
Content-Length: 2
Connection: close
Server: Trpc httpd
2024-02-16 07:52:05 UTC | 2 | IN | Data Raw: 0d 0a
Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
221 | 192.168.2.7 | 49955 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:05 UTC | 661 | OUT | GET /im.qq.com_new/de9c920b/img/boy.c5ae9f89.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:05 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:05 GMT
Content-Type: image/png
Content-Length: 78538
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:05 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
X-NWS-LOG-UUID: 157af333-4694-431b-ac82-03662b76b016
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes
                                                                                                                                                                                                                        Data Ascii: t>HFm2p)a0FBv?|"[<T ^Q\<u'&Nl!8ci\t2#Yt%@f<5O~QdTyl\U:{cU{:e`2pH7VeTO,S.}cpz)8p)qt8-!2?[H?6=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
222 | 192.168.2.7 | 49957 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:05 UTC | 662 | OUT | GET /im.qq.com_new/de9c920b/img/girl.031060e3.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

2024-02-16 07:52:06 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:06 GMT
Content-Type: image/png
Content-Length: 94725
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:05 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
X-NWS-LOG-UUID: b9a2ac54-4d42-4b89-80ea-b5921a7b573d
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
223 | 192.168.2.7 | 49958 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:05 UTC | 669 | OUT | GET /im.qq.com_new/de9c920b/img/preview-all.ad0b1649.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

2024-02-16 07:52:06 UTC | 471 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:06 GMT
Content-Type: image/png
Content-Length: 458472
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:05 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: bc77a8c3-bd14-419a-a58c-6e36b2bb1833
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes
                                                                                                                                                                                                                        Data Ascii: !=yEjiYN*dS%Fs-X {GlIHCLjG'_qQ=Q292A,lC,xNB6=M.b#Tx?_:?Lu$0b6&_U!By%!AcLDy83/Z(+1nD]l%w!8R!4Yd
                                                                                                                                                                                                                        2024-02-16 07:52:06 UTC16384INData Raw: 71 28 8c 81 49 14 c9 6a 80 03 49 73 9e 12 04 13 bb 2b f5 94 1f 80 bb c9 b1 b1 01 53 28 ab 74 65 71 11 2a a4 12 47 78 85 21 6e 63 a5 4a 59 6a 63 25 bc 4e 3a 10 0c b1 8f 46 98 0a a9 68 df 74 45 51 14 45 51 1e 41 bc e6 97 5f 87 3b f8 1a 6d c6 5f 48 d3 dd fd d3 72 77 37 ef f5 a7 cb 66 79 77 39 9a da b6 6f 6f 6d ed 10 0e db 0e 21 cc 83 fc 03 a7 e4 b0 0b 2a e4 e0 f3 35 9d 42 a0 42 7e a4 09 39 93 e6 5a d5 85 70 48 95 2c 76 4d 07 a2 42 4a 97 b3 59 df 50 cc c9 b0 22 24 a2 09 89 8f 87 f4 20 d4 20 66 57 3b ac 0d 19 45 2c a4 dc 58 a6 02 69 3c f0 fd 01 4c c1 ca 90 bb 37 21 b6 41 88 8b 85 6c 48 28 44 da 85 9c 5a 3f 16 f2 bc c6 42 94 fb c6 db d6 de c9 5b 65 c0 59 0f 0c 21 dd 68 b7 e6 ab 7e 40 15 d2 5f 2f e6 e3 c2 a1 a7 9e 7c 32 d3 d2 32 77 88 8f 7f b6 03 50 84 20 11 92
                                                                                                                                                                                                                        Data Ascii: q(IjIs+S(teq*Gx!ncJYjc%N:FhtEQEQA_;m_Hrw7fyw9oom!*5BB~9ZpH,vMBJYP"$ fW;E,Xi<L7!AlH(DZ?B[eY!h~@_/|22wP
                                                                                                                                                                                                                        2024-02-16 07:52:06 UTC16384INData Raw: af 15 87 e0 94 b8 d0 9b 10 a6 42 fc 17 f2 a8 03 26 2f 9a de 42 84 70 bc 83 44 08 71 ef e1 4c 88 54 c8 ec 5b 9f c2 56 c1 84 f8 da 58 45 28 a4 2d 4c 08 9b 85 1c 2c 15 72 8e a9 10 e3 df aa 10 3e bc f1 08 8f 42 67 8a a2 c7 6a e2 c1 54 08 b7 ae 00 fc ab b3 50 21 41 2c e4 c7 cf 50 01 3e 92 05 b9 49 ad 45 38 f5 5e 22 02 10 18 bc 2c 7f d9 0f 4e f7 b5 b8 ca 05 43 d2 34 0d 2a 64 55 b8 26 ef 55 ab 72 21 65 89 10 a9 10 be 3c 42 ce 35 17 b2 91 e3 0f df a9 a6 e9 a7 79 eb f1 dd 51 2f 62 91 fb f0 d5 b1 38 e1 46 d0 29 04 f4 79 fb e1 65 08 b4 08 96 3e d2 6c 9f 1e 04 43 24 43 8e b7 9b 99 61 fc 6b 3a 4e c6 ad 59 8c f2 76 1d 51 2b 37 71 76 82 a9 90 02 57 70 0a 17 46 8e 38 52 a5 97 a1 a1 24 ab c3 59 38 15 d2 45 17 d2 95 8c ea cd 38 7b 71 d5 7c ba c8 f2 58 30 21 18 ae 0d 30 18
                                                                                                                                                                                                                        Data Ascii: B&/BpDqLT[VXE(-L,r>BgjTP!A,P>IE8^",NC4*dU&Ur!e<B5yQ/b8F)ye>lC$Cak:NYvQ+7qvWpF8R$Y8E8{q|X0!0
                                                                                                                                                                                                                        2024-02-16 07:52:06 UTC16384INData Raw: b2 6c 36 e2 26 e0 69 0f 0d 6f 4b 74 d6 92 6a 0d a9 90 c3 ac 02 71 ac 73 21 54 21 0d 46 dd d7 d9 68 2a 64 45 15 b2 bc 54 08 5d 08 db c0 3f f4 cf 63 21 2d 99 10 9d 5c 2c c4 0f 85 bc 77 fb 3a 17 32 d1 69 52 21 c3 fd 56 85 b4 6b ab 10 a5 42 5c 7d ac 8b 2f 6c a7 df ed 09 6c 1f 76 77 2a 84 1b d1 e5 ed 5a 52 21 ec 15 e2 a9 10 ec a2 e7 a1 42 88 55 21 e5 2c 69 c4 3d dc 04 5a 7d 1d a2 67 98 2d 8f 56 29 a3 e7 98 67 88 f4 51 7a 19 bc 1a aa 10 42 19 d2 db bb 50 57 2a c4 a9 90 27 9f ec 3d e5 d8 f6 fb ef f7 bf 65 4f 98 90 a7 10 0b 39 36 b3 d9 a1 10 d9 0e 17 07 d1 49 d3 a5 42 54 00 8b 8b 36 72 1a ba 81 85 17 dc a7 e2 43 cf c0 d4 86 db f5 d1 10 dd d7 33 f1 1a d4 a3 c4 00 1b 22 20 43 8e 0d 32 24 b0 63 c9 9c 38 24 52 15 f2 44 2e 55 21 37 51 84 8c 2e 2d 19 17 b2 b4 b4 56 ac
                                                                                                                                                                                                                        Data Ascii: l6&ioKtjqs!T!Fh*dET]?c!-\,w:2iR!VkB\}/llvw*ZR!BU!,i=Z}g-V)gQzBPW*'=eO96IBT6rC3" C2$c8$RD.U!7Q.-V
                                                                                                                                                                                                                        2024-02-16 07:52:06 UTC16384INData Raw: ab a6 f9 19 9c a7 f1 11 9c ce 24 e8 1c 76 54 ac 90 15 d9 d1 f1 2a 24 4d 5a e3 2a c4 d0 8d 54 3e c4 ff 80 97 16 88 85 24 aa 16 30 7c e8 7d 17 0b 71 2a 64 6a a4 1e b2 fd ca 2a 29 32 aa 10 7b 41 2b 44 4f f8 e2 5e 85 6c bc 12 22 64 b0 85 12 a3 bd 0c 20 32 8a 16 ee a6 f6 d3 62 4b 83 28 17 42 15 02 eb 31 bf 80 0e 41 4b 64 b9 5d 15 03 a8 90 2d 9b 91 0a c1 2b f4 9b 62 d3 1e a0 a7 60 88 c9 90 d3 d6 cf ef ce 77 3f fb 3c 25 42 56 bb 65 ba 71 f4 f1 b2 0d 41 18 63 b4 57 88 1e 4a 5e d0 76 98 c4 80 e6 30 bf e1 76 b5 0c e1 ea 24 88 54 09 77 f5 96 3b 13 21 7a 2c b0 51 28 84 68 15 16 0b f1 32 24 86 42 22 3b 1f 13 50 21 a4 28 1a b3 c6 78 20 c4 ce 6a 9d be 58 cd ce 66 ca 84 70 c0 85 94 b9 73 21 8a 85 c8 85 50 86 40 87 6c d0 ef e8 30 5c 0f a7 02 36 84 85 b2 bc 0a 21 9d 5a 85
                                                                                                                                                                                                                        Data Ascii: $vT*$MZ*T>$0|}q*dj*)2{A+DO^l"d 2bK(B1AKd]-+b`w?<%BVeqAcWJ^v0v$Tw;!z,Q(h2$B";P!(x jXfps!P@l0\6!Z
                                                                                                                                                                                                                        2024-02-16 07:52:06 UTC16384INData Raw: e0 12 60 2c 84 7a 23 4c 85 58 e4 c3 0f eb 16 92 16 a0 9a 28 59 b8 2a 95 9a a2 bd 78 0f 07 5a cd 42 4e 6c 14 29 2e 76 44 6d 1a 89 6c 98 53 2f bf c5 2a 64 79 17 82 61 58 26 24 28 90 d5 11 0b c1 a6 23 15 82 eb cd 8f 85 9c 38 36 94 64 93 b7 19 67 29 fc 70 e4 89 f8 ed d3 df 9a 74 71 09 7d 48 a3 0a 01 58 3a 53 21 34 b1 16 0b 91 11 c1 a3 7c 33 bb ef 29 be e1 f5 2a 04 93 47 58 1f 4b ad 3c 94 08 01 2e 13 42 15 92 67 ea 6d 4e 13 32 ad 48 08 0e 15 c9 c2 69 41 32 44 46 c3 d9 10 99 90 9c 59 14 85 42 64 59 0a d2 60 15 41 5d 66 46 b5 9a b9 2c 48 31 e5 2b 1e 60 72 d4 e7 e6 ea 45 5a 3f fd 34 28 87 23 4f df 0b 29 53 3f f9 b0 7d fe 0b ea 62 71 76 2a 8e ad 5a 70 c2 11 2a 0e ed 3a 96 52 0c 85 44 22 91 48 24 b2 0e 7a 8f da bd 67 c7 ed ee a7 e1 31 57 e4 41 4c 4b 86 ec a5 0c d9
                                                                                                                                                                                                                        Data Ascii: `,z#LX(Y*xZBNl).vDmlS/*dyaX&$(#86dg)ptq}HX:S!4|3)*GXK<.BgmN2HiA2DFYBdY`A]fF,H1+`rEZ?4(#O)S?}bqv*Zp*:RD"H$zg1WALK


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
224         192.168.2.7  49959        119.28.165.18   443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:52:05 UTC  668                OUT        GET /im.qq.com_new/de9c920b/img/ornament-1.31d4bb78.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:06 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:06 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 13803
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:05 GMT
                                                                                                                                                                                                                        Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 1a85a330-60c9-4123-b5e6-94f16686872c
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
225         192.168.2.7  49960        119.28.165.18   443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:52:05 UTC  668                OUT        GET /im.qq.com_new/de9c920b/img/ornament-4.a0581c94.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:06 UTC  470                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:06 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 10534
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:05 GMT
                                                                                                                                                                                                                        Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 5ec59781-8a0d-477d-860f-cd115b898e9e
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
226         192.168.2.7  49961        129.226.103.123  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:52:05 UTC  442                OUT        GET /analytics/v2_upload?appkey=0WEB0QEJW44KW5A5 HTTP/1.1
                                                                                                                                                                                                                        Host: otheve.beacon.qq.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        Cookie: tgw_l7_route=f6ea232aaa461ee191d4715b947092de
2024-02-16 07:52:06 UTC  542                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:06 GMT
                                                                                                                                                                                                                        Content-Type: text/plain
                                                                                                                                                                                                                        Content-Length: 32
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-27=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q039=":443"; ma=2592000, quic=":443"; ma=2592000; v="39,43,46"
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        error-type: unsupport-type
                                                                                                                                                                                                                        Access-Control-Max-Age: 600
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Methods: POST
                                                                                                                                                                                                                        Access-Control-Allow-Headers: x-requested-with,content-type
2024-02-16 07:52:06 UTC  32                 IN         Data Raw: 7b 22 65 72 72 6f 72 2d 74 79 70 65 22 3a 20 22 75 6e 73 75 70 70 6f 72 74 2d 74 79 70 65 22 7d
                                                       Data Ascii: {"error-type": "unsupport-type"}


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
227         192.168.2.7  49956        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:52:06 UTC  386                OUT        GET /im.qq.com_new/de9c920b/img/room-8.c0d3424b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:06 UTC  665                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:06 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 58441
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:05 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:33 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 003136a811de76893c7f3a09138cbdda
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 385da0df-c071-4c13-aab3-7f4d741833e4
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
228         192.168.2.7  49965        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:52:06 UTC  387                OUT        GET /im.qq.com_new/de9c920b/img/room-11.1e3d5127.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:06 UTC  573                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:06 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 50531
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:06 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: fbe306cd-42d0-4399-a59a-434cd1ec61ef
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
229         192.168.2.7  49962        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:52:06 UTC  386                OUT        GET /im.qq.com_new/de9c920b/img/room-9.348ed857.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:06 UTC573INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:06 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 71635
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:05 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: ffd8253c-a89a-44c4-ac25-7cab80ce4452
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
230 | 192.168.2.7 | 49966 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:06 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/room-10.de84dd3b.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:07 UTC | 573 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:07 GMT
Content-Type: image/png
Content-Length: 55588
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:06 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: ba4d351d-ecbe-4040-8bb5-80f020cf5a09
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=3
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
X-Cache-Lookup: Hit From Inner Cluster


                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                        231192.168.2.749967119.28.165.184437832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                        2024-02-16 07:52:06 UTC668OUTGET /im.qq.com_new/de9c920b/img/ornament-5.587b1e5e.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:07 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:07 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 10726
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:06 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 9c3f43a0-00f3-4c47-aad0-c9576d62b897
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
232 | 192.168.2.7 | 49968 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:06 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-7.17756db7.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:07 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:07 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 11943
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:07 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 7588c5fe-a6ba-4f74-ac22-c9df3fa36555
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
233 | 192.168.2.7 | 49970 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:06 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-8.18097ed7.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:09 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:09 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 8670
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:09 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: d2c359df-1289-4bb5-9396-1f1e19c7472f
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
234 | 192.168.2.7 | 49969 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:06 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-9.39b61a69.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:07 UTC | 469 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:07 GMT
Content-Type: image/png
Content-Length: 8337
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:07 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 4c12ec3b-be59-4654-bffe-2b12240d3f33
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
235 | 192.168.2.7 | 49963 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:06 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/room-12.a1354ef0.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:07 UTC | 533 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:07 GMT
Content-Type: image/png
Content-Length: 53795
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:06 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 894cfb08-5e0d-429b-8d79-c5fbc57b1ec6
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
236 | 192.168.2.7 | 49964 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:06 UTC | 387 | OUT | GET /im.qq.com_new/de9c920b/img/room-13.5bb4e455.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:07 UTC | 533 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:07 GMT
Content-Type: image/png
Content-Length: 52214
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:06 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: daadcfcf-e604-4fb7-a95a-b525551ba7a3
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
237 | 192.168.2.7 | 49952 | 43.137.221.145 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:07 UTC | 875 | OUT | POST /speed?id=RiaWqsnTvsDTTgQtCE&uin=&version=1.43.6&aid=05da1531-b0ba-4aec-bc1c-01f349377e32&env=production&platform=3&netType=3&vp=1034%20*%20870&sr=1280%20*%201024&sessionId=session-1708076989332&from=https%3A%2F%2Fim.qq.com%2Findex%2F&referer= HTTP/1.1
Host: aegis.qq.com
Connection: keep-alive
Content-Length: 745
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarymdAGcynbnJVSZQDM
Accept: */*
Origin: https://im.qq.com
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://im.qq.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:07 UTC | 745 | OUT | Data Ascii: ------WebKitFormBoundarymdAGcynbnJVSZQDMContent-Disposition: form-data; name="payload"{"duration":{"fetch":[],"static":[{"url":"https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/img/bg.252a624b.png","method":"get","duration":18708,"status":200,"type":
2024-02-16 07:52:08 UTC | 134 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:07 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: openresty
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
238 | 192.168.2.7 | 49971 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:07 UTC | 669 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-10.4f6a1e0d.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:07 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:07 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 17747
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:07 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 6cafdb0c-941f-4875-86e7-938860d07806
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
239 | 192.168.2.7 | 49972 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:07 UTC | 392 | OUT | GET /im.qq.com_new/de9c920b/img/user-profile.a6a93e4d.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:07 UTC | 667 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:07 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 500143
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:07 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:33 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: df7901be8e24fc5b16724eaaeabf571b
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 8fc07d23-931c-4c4d-bd1d-22767142e82a
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Data Ascii: Sa2iI1k7]Xw61XIS& (E)GH?(.)DXYbH'J=jxa-?]{0>oKA6&vrF0#Y@7s. Ei7[l:O_|WkuS_/xSx{RrNnQh[SwpDDf
                                                                                                                                                                                                                        2024-02-16 07:52:08 UTC16384INData Raw: 78 56 1a e7 c0 9d 92 74 a2 9f f0 5c af c5 81 18 f7 0a 01 c2 46 57 2d ed 0b 1d 82 8e 15 6a d5 b4 a4 f2 ca 55 20 03 c2 ec 42 ee 82 bd 42 b2 2b f4 fd ec 6d 2e 9d 3b 85 f4 2a 9e 38 31 fc 7c 4d aa 93 7c 66 94 3d 23 10 4d db 42 31 14 29 b6 03 9c b3 11 ef 44 79 56 ec 6b f0 fc 3d 09 e0 6b db 0e ae 3e d8 1a e2 60 26 dd dc 4d e0 cc 8e f0 f0 0a c1 b5 5b 46 42 74 0b 7a ef ba e7 ff 13 b4 13 00 21 db f9 f1 09 d6 52 f8 ef ff fd bf cb 5f 1e 58 9d c9 20 4c 03 42 76 29 c3 12 34 1f 58 42 c6 6e 4b f8 90 88 56 fd 32 b0 f9 da af fd 5a 01 46 3f fb 67 ff ec 62 b9 b9 eb 94 ef fd de ef 15 69 db 67 7c c6 67 f4 e2 7e f3 37 7f b3 80 c7 cb 02 42 0e 6c e3 c7 a7 a2 f9 34 f4 db df fe f6 a0 aa 65 75 2a 83 64 56 19 4f 0d 0c 82 59 fd cd 6a 58 06 9b 9c 96 db ce aa 74 b6 53 f4 92 39 06 7d ec
                                                                                                                                                                                                                        Data Ascii: xVt\FW-jU BB+m.;*81|M|f=#MB1)DyVk=k>`&M[FBtz!R_X LBv)4XBnKV2ZF?gbig|g~7Bl4eu*dVOYjXtS9}
                                                                                                                                                                                                                        2024-02-16 07:52:08 UTC16384INData Raw: 65 5f 99 8a 33 cd d0 d8 be bd 48 07 59 fd ed 40 a4 af af 01 e7 52 02 53 af f3 99 bd ab 12 77 13 29 04 47 e0 09 24 f5 e9 06 a4 79 82 60 00 cb 33 0c 4c 12 d4 7e bd 82 6d 7c 77 43 b1 ff c8 e0 ba 00 ac be 8e 00 06 e0 0b 5b c2 a8 82 e7 f3 65 23 0d dc bf 7d 07 cb ef 7e 57 40 77 6f 8e 23 3d 7b 41 db 86 2c c5 ee 0c 72 54 25 7f 27 fb 68 ea 3b 2f 8d 39 a8 fa 5e 43 01 f5 0b 91 b8 9a aa 9a 8f cb 8c f4 77 4b d2 58 aa 47 d7 5a c1 79 ee 61 cd 48 a5 9b b5 a7 e7 e7 3c da fb f0 e1 97 cc ef d6 ba f0 65 07 77 bf 2a 6d 52 78 fd 8e 7d 77 25 fa 4d 83 63 5b f2 bb 7e df d7 a7 cc a3 28 7a 4e a2 70 8a 65 a0 a3 95 f4 7e 27 e2 0e 38 27 d9 3b 41 86 b2 54 1f e0 c3 91 47 83 86 12 ed eb 8e ec 45 db e9 79 cb 85 83 28 49 c7 79 d3 12 55 a2 11 77 1c c8 fc 24 a5 c1 62 f8 94 7c c9 86 07 73 2f
                                                                                                                                                                                                                        Data Ascii: e_3HY@RSw)G$y`3L~m|wC[e#}~W@wo#={A,rT%'h;/9^CwKXGZyaH<ew*mRx}w%Mc[~(zNpe~'8';ATGEy(IyUw$b|s/


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
240 | 192.168.2.7 | 49973 | 20.114.59.183 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:07 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=h7TpwPWTnx9b8Nd&MD=UGSOSwfe HTTP/1.1
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                                                                                                                        Host: slscr.update.microsoft.com
2024-02-16 07:52:07 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                                                                                                                        ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                                                                                                                                                                                                        MS-CorrelationId: 8f9e07cd-f86b-4964-9d45-ce3475dd95a9
                                                                                                                                                                                                                        MS-RequestId: 2ffea8fc-5cd4-4819-ad44-4ab57d86b67a
                                                                                                                                                                                                                        MS-CV: awDuyDo23Eu/hGgD.0
                                                                                                                                                                                                                        X-Microsoft-SLSClientCache: 2160
                                                                                                                                                                                                                        Content-Disposition: attachment; filename=environment.cab
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:07 GMT
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Content-Length: 25457


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
241 | 192.168.2.7 | 49974 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:07 UTC | 669 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-12.963691a2.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:08 UTC | 469 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:08 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 9900
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:07 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 1484690d-9e95-4165-bfec-029e464d2b0c
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
242 | 192.168.2.7 | 49975 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:07 UTC | 383 | OUT | GET /im.qq.com_new/de9c920b/img/boy.c5ae9f89.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:08 UTC | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:08 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 78538
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:07 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
X-NWS-LOG-UUID: 638e87a7-aa77-46d8-a02c-a1bb69316db7
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
243 | 192.168.2.7 | 49977 | 119.28.165.184 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:07 UTC | 669 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-13.f040bb44.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:08 UTC | 469 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:08 GMT
Content-Type: image/png
Content-Length: 8642
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:08 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 5ce51d65-326a-4e48-a053-56d1768c1d02
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
244 | 192.168.2.7 | 49978 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:07 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069926627&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: ssl.ptlogin2.qq.com
Connection: Keep-Alive
Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:08 UTC | 297 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:52:08 GMT
Content-Type: application/javascript
Content-Length: 51
Connection: close
Cache-Control: no-cache, no-store, must-revalidate
Expires: -1
Pragma: no-cache
Server: Tencent Login Server/2.0.0
Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:08 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
245 | 192.168.2.7 | 49979 | 119.28.165.184 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:08 UTC | 669 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-14.6ebef64d.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:09 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:09 GMT
Content-Type: image/png
Content-Length: 15463
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:09 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: e7ad3b3b-00ad-4e10-b401-8aa50e72b4d7
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes
2024-02-16 07:52:09 UTC | 15463 | IN | Data Raw: [binary PNG image data]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
246 | 192.168.2.7 | 49980 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:08 UTC | 669 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-17.ca026495.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:08 UTC | 470 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:08 GMT
Content-Type: image/png
Content-Length: 16911
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:08 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 412f546a-f3f3-48a4-bdce-8b36e5cba94c
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From MemCache
Accept-Ranges: bytes
2024-02-16 07:52:08 UTC | 15914 | IN | Data Raw: [binary PNG image data]
2024-02-16 07:52:08 UTC | 997 | IN | Data Raw: [binary image data]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
247 | 192.168.2.7 | 49982 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:08 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-1.31d4bb78.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:08 UTC | 573 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:08 GMT
Content-Type: image/png
Content-Length: 13803
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:08 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 02a1dfee-bd9c-4143-a311-73b9946bd7e5
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=3
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
X-Cache-Lookup: Hit From Inner Cluster
2024-02-16 07:52:08 UTC | 13803 | IN | Data Raw: [binary PNG image data]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
248 | 192.168.2.7 | 49984 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:08 UTC | 669 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-18.49af16e6.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:08 UTC | 471 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:08 GMT
Content-Type: image/png
Content-Length: 12985
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:08 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 7b2d20cf-36da-44e0-9313-e3d360b8e3b2
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
2024-02-16 07:52:08 UTC | 12985 | IN | Data Raw: [binary PNG image data]


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
249         192.168.2.7  49976        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:52:08 UTC  390                OUT        GET /im.qq.com_new/de9c920b/img/ornament-4.a0581c94.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:08 UTC  573                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:08 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 10534
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:07 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: e62c0097-d873-477a-805f-e391da724697
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
250         192.168.2.7  49981        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:52:08 UTC  384                OUT        GET /im.qq.com_new/de9c920b/img/girl.031060e3.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:09 UTC  533                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:08 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 94725
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:07 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: b708dca2-f8ae-4fb0-b9ec-ef8e85ec416e
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
251         192.168.2.7  49983        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:52:08 UTC  391                OUT        GET /im.qq.com_new/de9c920b/img/preview-all.ad0b1649.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:09 UTC  627                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:08 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 458472
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:07 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 7162e1b428a9ac84116a98f08de7bc80
                                                                                                                                                                                                                        X-NWS-LOG-UUID: ba4bb702-6c9e-45af-bd3d-3c34727c0f1b
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
252 | 192.168.2.7 | 49985 | 119.28.165.184 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:08 UTC | 669 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-22.77473c1b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:09 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:09 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 11002
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:09 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:32 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 901aef6d-4a0a-421e-a457-0a29f7dda9ff
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
253 | 192.168.2.7 | 49986 | 119.28.165.184 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:09 UTC | 669 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-23.132fbdba.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:09 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:09 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 10656
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:09 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: cf465a09-4b75-4889-ba25-5941b1372fc9
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        2024-02-16 07:52:09 UTC    10656    IN


                                                                                                                                                                                                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                                                        254    192.168.2.7    49987    119.28.165.18    443    7832    C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                                                        2024-02-16 07:52:09 UTC    669    OUT    GET /im.qq.com_new/de9c920b/img/ornament-26.3e460242.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:10 UTC    469    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:09 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 8768
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:09 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 3bdc94eb-9c29-49a8-9b17-3e2429b60e34
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        2024-02-16 07:52:10 UTC    8768    IN


                                                                                                                                                                                                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                                                        255    192.168.2.7    49988    203.205.137.139    443    7832    C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                                                        2024-02-16 07:52:09 UTC    390    OUT    GET /im.qq.com_new/de9c920b/img/ornament-5.587b1e5e.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:10 UTC    533    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:09 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 10726
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:08 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 66d16666-afe0-4620-be15-3485571b6258
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        2024-02-16 07:52:10 UTC    10726    IN


                                                                                                                                                                                                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                                                        256    192.168.2.7    49991    119.28.165.18    443    7832    C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                                                        2024-02-16 07:52:09 UTC    669    OUT    GET /im.qq.com_new/de9c920b/img/ornament-28.cf48975b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:10 UTC    469    IN    HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:10 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 8656
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:09 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: b4b21f4a-5db5-45f7-9894-cf0fae724151
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        2024-02-16 07:52:10 UTC    8656    IN


                                                                                                                                                                                                                        Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                                                                                                        257    192.168.2.7    49993    203.205.137.139    443    7832    C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp    Bytes transferred    Direction    Data
                                                                                                                                                                                                                        2024-02-16 07:52:10 UTC    390    OUT    GET /im.qq.com_new/de9c920b/img/ornament-7.17756db7.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:10 UTC | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:10 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 11943
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:09 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: cd8e6453-0460-466b-a8d1-2efcd619a580
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
258 | 192.168.2.7 | 49989 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:10 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-9.39b61a69.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:11 UTC | 572 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:10 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 8337
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:10 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 4b4fc17e-7d82-4c77-8176-ef2e959503a9
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=4
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
259 | 192.168.2.7 | 49990 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:10 UTC | 391 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-10.4f6a1e0d.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:10 UTC | 665 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:10 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 17747
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:09 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: c3ad5c70eef5c644e26faca655106534
                                                                                                                                                                                                                        X-NWS-LOG-UUID: e16e606e-7d14-47bb-a405-c50d391c7391
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
260 | 192.168.2.7 | 49994 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:10 UTC | 669 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-29.bf39516b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:10 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:10 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 16731
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:10 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:32 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: c1f2d1ad-f371-4503-949f-880ac898ebc8
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        261 | 192.168.2.7 | 49995 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:52:10 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/page-1.e3569743.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:10 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:10 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 117721
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:10 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: e6095615-c4e8-47c3-a4f8-bcac8a2d74ee
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                        262 | 192.168.2.7 | 49992 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                        2024-02-16 07:52:10 UTC | 391 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-12.963691a2.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:10 UTC | 624 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:10 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 9900
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:10 GMT
                                                                                                                                                                                                                        Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 0eb2596b176345487496880fc2b46ff7
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 2a5a4a7c-ac72-4517-9ba1-e8be1bdb11d6
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
263 | 192.168.2.7 | 49996 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:10 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/page-2.9a3b1afa.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:10 UTC | 472 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:10 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 542510
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:10 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: bbe10f6e-947c-4de0-a352-8944f1159f7b
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
264 | 192.168.2.7 | 49997 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:10 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/page-3.f961bc34.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:11 UTC | 471 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:10 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 103063
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:10 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 77af3f3f-da7c-4482-b53b-25372c3fb3dd
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
265 | 192.168.2.7 | 49998 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:10 UTC | 668 | OUT | GET /im.qq.com_new/de9c920b/img/brand-text.561ce6a3.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:11 UTC | 469 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:11 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 9809
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:10 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:05 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 257d394b-fe38-4c3b-b607-ccfcaf132305
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
266 | 192.168.2.7 | 49999 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:10 UTC | 391 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-13.f040bb44.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:11 UTC | 532 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:11 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 8642
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:10 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 6ae85156-eeef-49d1-8611-1aad2c4f3f67
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
267 | 192.168.2.7 | 50000 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:10 UTC | 391 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-17.ca026495.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:11 UTC | 626 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:11 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 16911
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:10 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 72fab65f7d0c74675ecd255046e83032
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 516b0121-6eb0-4f6d-8774-3e8ddfd4e342
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
268 | 192.168.2.7 | 50002 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:10 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069929617&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:11 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:11 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:11 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
269 | 192.168.2.7 | 50001 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:10 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/page-1.5a6a85fe.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:11 UTC | 472 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:11 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 200887
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:11 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 493c00d1-9bc5-4fd8-a299-6a77c7b09d28
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        Data Ascii: s[7X2QB ^g^<X0o,<GBRh#Uz`,55<r`N5+dHss;qfQq>_{y<9>>Rg*Z>\Z:6:ZH(@UN|}orbMUfULt6S47n`:OBd.|]eo#:/"
                                                                                                                                                                                                                        2024-02-16 07:52:12 UTC16384INData Raw: bf b9 ae 2e 37 8a b9 73 75 a1 7a 1f ef e3 4b 06 09 19 49 42 96 d0 0d 86 07 aa 75 93 8a e7 75 c1 3d 86 bd dc ac 6e 31 3a 7c a5 8f 25 56 39 a6 91 ac 02 f0 95 27 a8 fa 18 f8 92 09 b5 03 3e 7b a2 da 0f 55 b1 d7 a4 ff b6 b4 e3 16 59 cb 63 5e 36 ad 91 a1 1e 4e bb 0c 1f 76 61 f9 8e 05 5f 21 70 25 4e 3f 03 60 08 09 1a 03 17 78 0b 49 ed 4c 85 d0 bc a0 a8 f1 19 6c 1c 7c 92 56 2c 45 51 45 32 54 1d c0 c0 6d 7d 45 f1 55 55 e6 93 29 0c a2 44 7c 0a 56 9d 78 ec d6 61 11 1c 33 18 f8 a2 22 7d 22 b6 ec 74 99 1e 89 18 ac 34 41 97 22 3f a8 87 7e 58 0b f1 b6 e8 f1 88 48 e0 40 14 ca 49 21 ad 73 2c 62 d4 00 8d 61 75 e4 b0 0f 65 39 0e d1 2b 51 02 9c 39 4e 5d a6 b5 57 12 5d f2 0c c3 24 06 95 ad aa 56 14 f9 49 14 e1 e6 f8 58 9a 2c 7b 01 fe 81 35 7c 58 3f 49 42 97 24 60 f3 bf 16 ec
                                                                                                                                                                                                                        Data Ascii: .7suzKIBuu=n1:|%V9'>{UYc^6Nva_!p%N?`xILl|V,EQE2Tm}EUU)D|Vxa3"}"t4A"?~XH@I!s,baue9+Q9N]W]$VIX,{5|X?IB$`
                                                                                                                                                                                                                        2024-02-16 07:52:12 UTC16384INData Raw: eb 60 3b da f1 bd f7 e3 ec d3 81 de fb 71 f4 de 57 01 f9 0c 43 d7 f5 9a a5 83 8c 1c 4a 37 d4 ae a1 d5 8d 6e bb 32 97 bb 0c 3e cd 6e d5 1d d5 c6 08 6b d6 45 84 b2 0d bc d3 a0 06 63 1a 7f 59 44 be 32 96 26 d4 55 75 6e 6e ae 64 cf 99 73 73 76 5c ae 36 d5 76 b5 5a ad d4 ca 2e f8 50 a6 88 e5 81 4f e9 35 d4 7e b5 d0 49 c5 eb 77 09 3e 62 f9 e8 23 d7 c2 29 8f 9b ac f1 81 82 df 31 1c 9f b1 f3 de ec ec f8 fc e9 13 ac f1 f9 e1 fe c9 c9 d9 db df 0c 1e 3f 3e 7c 7a 1f c0 97 42 9e c4 4e 3f 81 2c d5 34 4d 15 c0 a7 cf 95 f4 ae d9 4a 16 5b 56 17 61 09 f5 9a d9 11 3d 44 76 d5 2c 8a 35 1c 57 96 8e 14 53 75 3c 99 8e 82 b8 ee a3 84 8b 5e 6f 22 f2 e8 63 25 53 64 89 cf 45 5f 20 82 3d 62 f8 28 cb 47 ed dc 98 be 25 15 63 8d ef a9 79 38 5f 68 19 04 dc 83 17 08 d0 b7 b6 b2 06 23 50
                                                                                                                                                                                                                        Data Ascii: `;qWCJ7n2>nkEcYD2&Uunndssv\6vZ.PO5~Iw>b#)1?>|zBN?,4MJ[Va=Dv,5WSu<^o"c%SdE_ =b(G%cy8_h#P
                                                                                                                                                                                                                        2024-02-16 07:52:12 UTC16384INData Raw: 93 54 46 96 42 0d fd db 5f 44 bc 35 31 53 b0 94 09 6c 27 f0 99 dc 33 f7 96 b2 ba a1 cd 9d db 4d 67 8d d3 1a fd 75 75 7d b5 41 ad 39 3e e7 61 7c a1 2d 1d 1f 3f 94 8f 03 9f 37 b3 c7 6b c7 66 f2 bd ee ef 4f d3 c3 3c 80 ef c5 e1 ae be ae ee 3e 8c db ec 3a 32 fa 0a dc 4b f7 43 cf 53 c4 3d 5c ec 05 7c 45 a3 4a 5a 9c d7 04 68 81 c0 a7 eb b9 aa 01 69 b2 92 cb 29 0b b9 86 c0 82 19 50 58 a0 fc 79 e0 b1 12 20 15 6a 99 8c 05 3b f8 3f a6 7a 01 ef 53 be a3 5e 5b 5b ab b5 17 7c c4 3c cf cb 4a f2 8e cf 3e 6b 82 a0 ef f8 7c b5 41 b6 e3 73 57 23 fa b8 ca 54 dc d4 0d ce f0 39 56 67 41 eb b5 20 1f 76 87 e4 06 91 af a3 27 3b 97 3e 01 4d 63 b2 5a df dc a7 ec dc bd 67 cf 3f 65 7b a6 f7 83 7b cf e7 5e 7f da 6b fa 3d ec 1e ba ba f9 62 89 60 36 3f af a9 a4 05 7d f9 68 59 57 4b 48
                                                                                                                                                                                                                        Data Ascii: TFB_D51Sl'3Mguu}A9>a|-?7kfO<>:2KCS=\|EJZhi)PXy j;?zS^[[|<J>k|AsW#T9VgA v';>McZg?e{{^k=b`6?}hYWKH


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
270 | 192.168.2.7 | 50006 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:11 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/page-2.5d02382f.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:12 UTC | 470 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:12 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 73028
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:11 GMT
                                                                                                                                                                                                                        Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 7ee5a693-a7a0-4046-859a-705c1cde7a42
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
271 | 192.168.2.7 | 50003 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:11 UTC | 391 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-18.49af16e6.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:12 UTC | 533 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:11 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 12985
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:10 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: ff49db07-6fbd-4896-8145-9686bf9dcb28
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
272 | 192.168.2.7 | 50004 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:11 UTC | 391 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-22.77473c1b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:12 UTC533INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:12 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 11002
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:11 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: fae8ce40-451b-42ba-a531-c8119d5abf0f
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
2024-02-16 07:52:12 UTC | 11002 | IN | Data Raw: [hex dump of response body omitted]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
273 | 192.168.2.7 | 50005 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:11 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-8.18097ed7.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:12 UTC | 572 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:12 GMT
Content-Type: image/png
Content-Length: 8670
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:11 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: eb91b6f2-2fc2-4d3d-b8d0-c9237afd4248
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=3
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
X-Cache-Lookup: Hit From Inner Cluster
2024-02-16 07:52:12 UTC | 8670 | IN | Data Raw: [hex dump of response body omitted]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
274 | 192.168.2.7 | 50008 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:11 UTC | 391 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-14.6ebef64d.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:12 UTC | 533 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:12 GMT
Content-Type: image/png
Content-Length: 15463
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:12 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: 56963ec7-eeae-43f3-ad9c-66c775e529ff
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes
2024-02-16 07:52:12 UTC | 15463 | IN | Data Raw: [hex dump of response body omitted]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
275 | 192.168.2.7 | 50009 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:11 UTC | 664 | OUT | GET /im.qq.com_new/de9c920b/img/page-3.88e518ac.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://qq-web.cdn-go.cn/im.qq.com_new/de9c920b/css/pc.de353407.css
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:12 UTC | 471 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:12 GMT
Content-Type: image/png
Content-Length: 199208
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:12 GMT
Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
X-NWS-LOG-UUID: d664e00b-8bfc-4358-8366-e2bc2dc8e5ef
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
276 | 192.168.2.7 | 50007 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:12 UTC | 391 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-23.132fbdba.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:12 UTC | 625 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:12 GMT
Content-Type: image/png
Content-Length: 10656
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:11 GMT
Last-Modified: Wed, 31 Jan 2024 08:12:32 GMT
X-NWS-UUID-VERIFY: 796ceb3a22bf8e3da46ba289913fc7c2
X-NWS-LOG-UUID: 3d1dd039-ad8b-4f39-b9d0-08999d127b3b
Vary: Origin
X-Cache-Lookup: Hit From MemCache
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Inner Cluster
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
X-Cache-Lookup: Hit From Upstream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
277 | 192.168.2.7 | 50010 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:12 UTC | 391 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-26.3e460242.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:13 UTC | 532 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:12 GMT
Content-Type: image/png
Content-Length: 8768
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:11 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-LOG-UUID: a749c5e4-e379-4465-9d0a-6d52bf5867f0
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Daa-Tunnel: hop_count=2
X-Cache-Lookup: Hit From Upstream
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
278 | 192.168.2.7 | 50011 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:12 UTC | 391 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-28.cf48975b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:13 UTC | 572 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:13 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 8656
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:12 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: b69ff3dd-9eb9-418c-8a06-2f4177bc7477
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
279 | 192.168.2.7 | 50014 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:13 UTC | 391 | OUT | GET /im.qq.com_new/de9c920b/img/ornament-29.bf39516b.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:13 UTC | 585 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:13 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 16731
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:12 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:32 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 5ee7102388d8b484c0eaca013c70befe
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 51d571f0-79b1-4969-8269-1ac42934cdb3
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
280 | 192.168.2.7 | 50013 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:13 UTC | 390 | OUT | GET /im.qq.com_new/de9c920b/img/brand-text.561ce6a3.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:14 UTC | 901 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:14 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 9809
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:13 GMT
                                                                                                                                                                                                                        Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 463353fa894409fc70cfaea47443bd0c
                                                                                                                                                                                                                        ETag: "5af07979c5cdf3fb896b467640d3aba0"
                                                                                                                                                                                                                        x-cos-hash-crc64ecma: 11126362672445115392
                                                                                                                                                                                                                        x-cos-request-id: NjVjYzllMWNfYzgyZjlhMWVfNWJjOV83MzM2MWMx
                                                                                                                                                                                                                        x-cos-storage-class: MAZ_STANDARD
                                                                                                                                                                                                                        x-cos-version-id: MTg0NDUwMzY0OTg2MjUyMjAxMDM
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 19d11bc1-ec93-493a-bc3f-0d54bc21f062
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Hit
                                                                                                                                                                                                                        x-sername: cdn-go.cn
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                        281192.168.2.750012203.205.137.1394437832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                        2024-02-16 07:52:13 UTC386OUTGET /im.qq.com_new/de9c920b/img/page-3.f961bc34.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:13 UTC534INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:13 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 103063
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:12 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 0bb4d343-d5fb-4d2b-bba1-df8ee3c06eda
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes


                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                        282192.168.2.750016203.205.137.1394437832C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                        2024-02-16 07:52:13 UTC386OUTGET /im.qq.com_new/de9c920b/img/page-1.e3569743.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                        2024-02-16 07:52:14 UTC626INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:14 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 117721
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:13 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 08:12:32 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: b26b62d9905c7f0c2ea99648986c6150
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 453f007e-3aec-4088-a558-8b238d1a6877
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Data Ascii: RY^hr~+dX)(Gl<'t%an@[c`DN^{<T=T-m-?Wg+pm*q"l0bU#zT7-U*vFvUkd\Z[-uuy"ZkbS+L\*8fcwrog78'1ceKopjA&4Z
                                                                                                                                                                                                                        2024-02-16 07:52:14 UTC16384INData Raw: 09 1f a7 d6 82 b0 35 f3 99 4b 1b a5 0c c0 21 4d 13 1c 33 56 ac ce 32 9b f1 21 e3 40 58 cb 5c 2e 97 2d 1c 2c 87 6d 76 4b f3 30 c1 04 b5 da 5d 73 c1 d7 66 d8 12 34 6d 47 d1 26 f8 f1 be d6 ba b0 65 69 b8 4c 38 71 8b 1a 84 c2 5b 20 d1 d1 f2 d3 20 64 6c bd 92 d8 92 01 42 b4 d6 5f 80 ad f9 ce 1c a7 c0 6e bb 66 5b 04 d6 4a 04 b5 2e a3 e3 5a 72 96 b1 0c 63 f0 2b f2 51 27 c4 70 48 a3 0e 45 6e 8e 90 eb 0b d0 a2 03 85 a3 d6 da 04 eb c7 d6 68 36 06 ca 1a 32 96 61 0c 2b cf c9 4f 88 50 06 df 9f cb fc 5c d4 f4 7c ad e5 60 6b e6 13 87 ed c1 7d 78 b7 d6 40 0e e1 66 d8 5a b4 7b dc 5a 14 96 70 35 e0 92 63 93 eb 5b 0e 61 b2 0b 6a 6c 14 56 dd 8b f4 91 63 2c 47 dc 95 c4 dd 43 59 5b b8 ff d8 ab c7 16 4d e0 07 0d cc 29 41 c9 d2 75 de 43 84 f6 b8 16 e7 39 3d 47 5f 71 83 f0 ed 58
                                                                                                                                                                                                                        Data Ascii: 5K!M3V2!@X\.-,mvK0]sf4mG&eiL8q[ dlB_nf[J.Zrc+Q'pHEnh62a+OP\|`k}x@fZ{Zp5c[ajlVc,GCY[M)AuC9=G_qX
                                                                                                                                                                                                                        2024-02-16 07:52:14 UTC16384INData Raw: 77 ae 23 68 51 37 06 d4 95 b3 d0 c9 2e 5b de 4e 61 5c 0f a1 a0 75 34 b4 2a 41 2b 3a e4 48 6a 01 5a ec 5c c7 cf 83 e0 56 92 99 31 06 f8 4d 59 6e aa 64 74 37 46 25 68 1d 0f ad 5a d0 9a 70 c8 d8 cb d8 ba 31 90 7b 5f ef 73 06 2e 8d d1 6e 74 b2 db 50 1e b3 3e 61 0d e1 8d 09 cb 65 df 87 77 63 a8 e5 7d 36 b4 2a 41 2b 3a e4 94 0c 21 3f 11 f2 1e 42 9f 20 cc 34 33 5e 38 53 48 ea 7c 1f a0 96 5a de 3f 00 5a b5 a0 35 13 5a ae 87 b0 04 59 d7 35 d4 82 77 5d 57 5b 79 c2 42 3b 86 5f 3b b3 b6 9d ef eb 1e 6a a9 e5 7d 1e b4 2c 04 ad f0 90 e3 7b 08 bf 16 5d 59 38 68 ad 5c c5 78 81 7e 0c 48 2b a7 87 d0 15 b6 a6 4d 19 0b 5a 73 a1 55 0b 5a d3 0e c9 81 6e 8c af 60 96 9b d7 72 d4 02 b0 60 0a 99 a5 ad 62 c0 df 6d 22 f4 4e 25 82 56 1a b4 d4 3d 18 1f 72 ca bc 16 53 ab 93 22 e4 6e 8c
                                                                                                                                                                                                                        Data Ascii: w#hQ7.[Na\u4*A+:HjZ\V1MYndt7F%hZp1{_s.ntP>aewc}6*A+:!?B 43^8SH|Z?Z5ZY5w]W[yB;_;j},{]Y8h\x~H+MZsUZn`r`bm"N%V=rS"n
                                                                                                                                                                                                                        2024-02-16 07:52:14 UTC3659INData Raw: e9 c5 61 16 d4 0a ad 05 b3 18 9f 81 e2 0a d0 87 b1 83 6b 73 2e 3c ae 11 4e 85 9f c1 2d 32 0e be 36 ec 08 29 b7 4e 48 7a 09 47 5f 11 ba 43 30 41 82 bb bc 5e bd a4 ce e1 71 d2 fc 5f e2 aa e1 ba 0b 00 fc 20 43 ad 9c f1 88 ca 92 1c 66 4f f1 74 53 1f 7f 39 98 f0 dd 7b e8 35 be b0 6b 35 14 c6 80 c2 50 5c 56 5f 85 3d ed 65 7f 0a b8 c5 6c 0f fb 81 53 0e 71 1e 4c 0c 0f 92 6d bf 5d c0 aa 81 53 e7 1f ec 6a ab e4 95 69 85 ca 82 58 3f b3 b7 7b 48 ee 64 2b a3 1d 50 5c 8b b6 4d 2b 7c 99 09 17 c5 15 4b 67 f4 f2 f0 be 28 7e d9 b1 5a 3c 9e 38 37 5e f8 0a 6f 23 96 a4 66 88 91 0d 83 55 17 cc 85 3c f5 3d 1f b3 34 e7 18 63 46 18 e1 0d 74 97 ad 39 dd ec 5a 99 25 17 10 a9 c6 49 17 af 72 3e c9 75 62 8c 02 bd 1f ec b0 67 d2 09 97 67 64 b9 8b f8 53 ce 79 64 1d 4f 33 0b 7c 60 74 d3
                                                                                                                                                                                                                        Data Ascii: aks.<N-26)NHzG_C0A^q_ CfOtS9{5k5P\V_=elSqLm]SjiX?{Hd+P\M+|Kg(~Z<87^o#fU<=4cFt9Z%Ir>ubggdSydO3|`t


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
283 | 192.168.2.7 | 50018 | 119.28.165.18 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:14 UTC | 610 | OUT | GET //im.qq.com_new/7bce6d6d/asset/favicon.ico HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: image
Referer: https://im.qq.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:14 UTC | 486 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:14 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 25393
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:14 GMT
Last-Modified: Wed, 08 Feb 2023 09:21:48 GMT
X-NWS-LOG-UUID: 91c7d333-17c9-446a-b8ca-ee031b9be8e1
Vary: Origin
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From Disktank3
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
284 | 192.168.2.7 | 50015 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:14 UTC | 386 | OUT | GET /im.qq.com_new/de9c920b/img/page-1.5a6a85fe.png HTTP/1.1
Host: qq-web.cdn-go.cn
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept: */*
Sec-Fetch-Site: none
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:14 UTC | 587 | IN | HTTP/1.1 200 OK
Server: NWSs
Date: Fri, 16 Feb 2024 07:52:14 GMT
Content-Type: image/png
Content-Length: 200887
Connection: close
Cache-Control: max-age=2592000
Expires: Sun, 17 Mar 2024 07:52:13 GMT
Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
X-NWS-UUID-VERIFY: 9f55ebfb1df7b70f3ae0acb686e660ca
X-NWS-LOG-UUID: b5898ef5-bc3d-4385-a90b-8a38190099a9
Vary: Origin
X-Cache-Lookup: Hit From Disktank3
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
X-Daa-Tunnel: hop_count=1
Is-Immutable-In-The-Future: true
Timing-Allow-Origin: *
X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        Data Ascii: 7VZq|Wa&-7;T "L \O)dNQ&EmQxV;WB..gu9<YD|s[7X2QB ^g^<X0o,<GBRh#Uz`,55<r`N5+dHss;qfQq>_{y<9>>Rg*Z
                                                                                                                                                                                                                        2024-02-16 07:52:14 UTC16384INData Raw: 6e 13 57 d0 fe c6 fe 16 3c 1f a6 a6 1d ec 13 02 f0 cd 83 79 0f 35 e0 fa 1a cd 77 df 5f ef e0 ee a3 4f 3e 7a f7 fd 77 3f 42 83 f6 5d 7a fd c9 47 c0 1e b7 7e 73 88 76 a1 65 44 b7 c0 1b 45 df f2 f4 d0 f4 ce ce d0 d4 e8 d4 07 0b d3 d3 8d cf 16 86 4e 0e e1 b9 65 98 41 90 af f1 c6 cb b9 e0 3b d6 ed a5 b4 eb c2 5f 57 b0 ab 64 66 eb 66 4d 5f ce 5c dd bf b9 ae 2e 37 8a b9 73 75 a1 7a 1f ef e3 4b 06 09 19 49 42 96 d0 0d 86 07 aa 75 93 8a e7 75 c1 3d 86 bd dc ac 6e 31 3a 7c a5 8f 25 56 39 a6 91 ac 02 f0 95 27 a8 fa 18 f8 92 09 b5 03 3e 7b a2 da 0f 55 b1 d7 a4 ff b6 b4 e3 16 59 cb 63 5e 36 ad 91 a1 1e 4e bb 0c 1f 76 61 f9 8e 05 5f 21 70 25 4e 3f 03 60 08 09 1a 03 17 78 0b 49 ed 4c 85 d0 bc a0 a8 f1 19 6c 1c 7c 92 56 2c 45 51 45 32 54 1d c0 c0 6d 7d 45 f1 55 55 e6 93
                                                                                                                                                                                                                        Data Ascii: nW<y5w_O>zw?B]zG~sveDENeA;_WdffM_\.7suzKIBuu=n1:|%V9'>{UYc^6Nva_!p%N?`xILl|V,EQE2Tm}EUU
                                                                                                                                                                                                                        2024-02-16 07:52:14 UTC16384INData Raw: cd 37 df 7c 36 bb 23 03 17 83 60 bc ae d6 44 d7 f1 b5 01 7c 89 6e 1f 25 b3 66 0b a1 96 0d 9e 19 ee 24 6a b9 e0 4b 48 28 55 73 8c 6e 49 f1 94 00 f0 05 73 03 22 60 ae fb 28 e1 72 3c 1b 8e 7c 69 c7 17 96 10 14 b3 90 a3 86 42 96 2f a2 1f df f4 4b 7c c1 e9 6c 8c 26 05 33 af bc f2 10 16 f6 56 57 57 07 03 20 df e6 e6 e6 86 a7 1e 36 7f f0 c2 ae 6f 79 eb 60 3b da f1 bd f7 e3 ec d3 81 de fb 71 f4 de 57 01 f9 0c 43 d7 f5 9a a5 83 8c 1c 4a 37 d4 ae a1 d5 8d 6e bb 32 97 bb 0c 3e cd 6e d5 1d d5 c6 08 6b d6 45 84 b2 0d bc d3 a0 06 63 1a 7f 59 44 be 32 96 26 d4 55 75 6e 6e ae 64 cf 99 73 73 76 5c ae 36 d5 76 b5 5a ad d4 ca 2e f8 50 a6 88 e5 81 4f e9 35 d4 7e b5 d0 49 c5 eb 77 09 3e 62 f9 e8 23 d7 c2 29 8f 9b ac f1 81 82 df 31 1c 9f b1 f3 de ec ec f8 fc e9 13 ac f1 f9 e1
                                                                                                                                                                                                                        Data Ascii: 7|6#`D|n%f$jKH(UsnIs"`(r<|iB/K|l&3VWW 6oy`;qWCJ7n2>nkEcYD2&Uunndssv\6vZ.PO5~Iw>b#)1
                                                                                                                                                                                                                        2024-02-16 07:52:14 UTC16384INData Raw: 1f cb 62 9e b5 be c6 86 7d b8 29 ec 3b 3e 5f 6d 50 ab 8e 8f 7b c8 e7 d4 dd 0d 5a e8 b3 1a 2b b7 e1 e6 f8 b0 79 f0 7b 9c e3 6b f2 7c 7b e7 4c f0 01 7d d3 ef 0f c4 9f 3d 8b 4b 7d 47 ba 7b 0e 1c ee 7a 4d dc 33 c7 88 7d 6a 32 7c ad 83 8f f5 74 81 bd 15 80 4f 13 04 39 ae 43 46 a9 d2 6d 18 8b 20 9c 96 53 e4 64 52 66 01 8d 05 96 d7 03 0a 05 de cd 9c 93 54 46 96 42 0d fd db 5f 44 bc 35 31 53 b0 94 09 6c 27 f0 99 dc 33 f7 96 b2 ba a1 cd 9d db 4d 67 8d d3 1a fd 75 75 7d b5 41 ad 39 3e e7 61 7c a1 2d 1d 1f 3f 94 8f 03 9f 37 b3 c7 6b c7 66 f2 bd ee ef 4f d3 c3 3c 80 ef c5 e1 ae be ae ee 3e 8c db ec 3a 32 fa 0a dc 4b f7 43 cf 53 c4 3d 5c ec 05 7c 45 a3 4a 5a 9c d7 04 68 81 c0 a7 eb b9 aa 01 69 b2 92 cb 29 0b b9 86 c0 82 19 50 58 a0 fc 79 e0 b1 12 20 15 6a 99 8c 05 3b
                                                                                                                                                                                                                        Data Ascii: b});>_mP{Z+y{k|{L}=K}G{zM3}j2|tO9CFm SdRfTFB_D51Sl'3Mguu}A9>a|-?7kfO<>:2KCS=\|EJZhi)PXy j;


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
285 | 192.168.2.7 | 50017 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:14 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069932675&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:14 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:14 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:14 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
286 | 192.168.2.7 | 50019 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:14 UTC | 386 | OUT | GET /im.qq.com_new/de9c920b/img/page-2.9a3b1afa.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:14 UTC | 574 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:14 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 542510
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:13 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 5c1c6200-3874-490c-bada-97f1cd0a7070
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Data Ascii: WrUxEu#MnY7[km1j,NSP9BF|=;:tbnwx($q*_v+x=J@@{6 z.FBlXBAMj"Rlp<PL<=Zf` 6[mwdsMoo[)BT6#_NO?GG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
287 | 192.168.2.7 | 50020 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:15 UTC | 386 | OUT | GET /im.qq.com_new/de9c920b/img/page-2.5d02382f.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:15 UTC | 625 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:15 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 73028
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:15 GMT
                                                                                                                                                                                                                        Last-Modified: Sat, 10 Feb 2024 14:24:44 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 56dbd5de862e3a5ec4271c7c7004bf64
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 4b0a08d3-1a95-439a-b090-a099c4422d1a
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=2
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
288 | 192.168.2.7 | 50021 | 203.205.137.139 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:15 UTC | 386 | OUT | GET /im.qq.com_new/de9c920b/img/page-3.88e518ac.png HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:16 UTC | 666 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:15 GMT
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        Content-Length: 199208
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:15 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 31 Jan 2024 03:24:06 GMT
                                                                                                                                                                                                                        X-NWS-UUID-VERIFY: 5bd645da7b9b9328135f48973193c73c
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 8540c3f7-044f-42b8-8d31-51d7467791a3
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From MemCache
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=3
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Upstream
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster
                                                                                                                                                                                                                        Data Ascii: !>h:X:RwSBPteuE@y{Ll-8#r[sGPAq/2bDr>]D^7V^jJC:hDHcwr\]B\E3qtEd" sP41jxn\MV=E*Z+Mjw>c!_z879f#c^{f!<%^` F8`}VtuD7K[\
                                                                                                                                                                                                                        2024-02-16 07:52:16 UTC16384INData Raw: 0c d8 28 83 a9 35 16 80 42 0e 18 58 e6 5c 84 e5 04 33 11 1f 49 9f 9f 8b 70 bf 3a 92 02 04 14 8c 46 7e 12 26 89 ef 47 fb fb 5f 25 7b 6b 46 d8 69 82 36 7b 71 2f 92 be e5 38 ad 8e 14 1d a2 41 d4 af 3a 95 7e 1c 6e e3 2f 8a 92 30 12 85 fe cd 40 44 ed bd c3 7b ad bd 93 93 b0 d7 3f ed ee 9d 5f 5e 96 88 28 75 6d aa e9 ef 09 91 12 f0 10 d2 70 4b 93 f0 81 a5 88 65 58 08 9c 9e ab bd 83 93 11 82 08 03 08 e9 a6 e1 0e 0e ed 22 2c 12 94 8b c0 62 16 4a 4c 7f a3 49 df bf c1 40 2d 00 13 aa 2c 6e 4d 84 72 11 ea 1d 57 cc 6a 8d d9 da 06 30 81 95 08 2c 9e 06 12 f7 ec 82 47 a8 33 a8 90 4e 16 a0 73 10 0e 88 26 fb 58 e2 c7 d2 cd 9a 26 c2 5a 07 64 8a 0e 66 42 8e 69 11 b5 88 56 1c b4 c7 3a 12 44 f8 89 e9 e1 c9 de de de 3e 10 b1 41 44 38 6e ab d1 ec bb 95 cd a6 63 5e 29 6a ec b4 aa
                                                                                                                                                                                                                        Data Ascii: (5BX\3Ip:F~&G_%{kFi6{q/8A:~n/0@D{?_^(umpKeX",bJLI@-,nMrWj0,G3Ns&X&ZdfBiV:D>AD8nc^)j
                                                                                                                                                                                                                        2024-02-16 07:52:16 UTC16384INData Raw: a1 ea d0 6d cc c6 87 c4 4a 30 32 44 52 75 e4 61 22 de 0e f7 10 7e 82 7f f8 af 2e 34 fd 0f ea d5 9d a2 a2 6b 2d ec 68 62 0b bd ba 68 f4 10 09 27 d2 8f 92 0a 13 1c 6c 94 6d 79 95 92 4b 99 dc 46 68 6e bd a9 c9 cb d5 d1 d8 cd 44 5c b5 04 20 06 23 d3 c3 6a 11 0c 94 99 86 a8 39 10 15 1c d0 cb e6 22 f8 a6 f6 0e c8 19 f1 20 48 b0 29 f1 67 1e 9c 5e 6e aa 4a 60 30 10 05 b5 b9 d8 4a c8 80 10 65 6b 10 20 e8 10 56 02 81 3f d1 41 44 24 2b 98 da c6 a6 17 5a b3 a1 b8 88 a2 a2 ff 5a 72 11 10 02 6d c4 d3 8b 4e 2e 30 ae a7 94 d8 88 1d 4d 04 04 95 2d 45 a4 9c 10 1f 34 14 5b 5f 01 ae 3c 10 e1 a7 e7 d4 56 af 30 28 ad 5d 84 03 22 24 42 50 7a 59 03 02 51 5d 15 07 74 2d 36 29 44 63 b0 c7 db 74 11 e4 02 67 45 db c4 84 50 a3 40 78 a8 66 e6 48 11 7f 2f 3a a0 2b 08 0f 52 75 b2 3a 0a
                                                                                                                                                                                                                        Data Ascii: mJ02DRua"~.4k-hbh'lmyKFhnD\ #j9" H)g^nJ`0Jek V?AD$+ZZrmN.0M-E4[_<V0(]"$BPzYQ]t-6)DctgEP@xfH/:+Ru:
                                                                                                                                                                                                                        2024-02-16 07:52:16 UTC16384INData Raw: 76 e7 06 31 c1 69 e3 b7 a6 29 02 07 f7 14 6d ea 68 10 f0 60 fb 5c 85 06 47 07 eb 08 1a 8c 81 00 08 46 22 22 74 0f 2b ed 68 0a bf 4b 7a d1 94 4c 9a 74 a6 35 7e 19 78 ec 78 f5 f5 4b 32 80 09 c8 38 09 13 92 b8 e0 af f1 d3 50 b6 3a 28 54 b9 8e b9 88 a0 4c 4d ad f9 68 35 9a a5 6c ee 70 b5 af 45 30 28 8e ca 76 34 f1 04 04 23 1a 31 81 1c 7c 20 2d 04 07 74 22 21 f8 70 10 9e 46 f5 30 47 e4 e6 8d f0 3c 04 d1 20 ff 80 67 74 50 62 70 11 0a de 3f 08 0e 12 1f 15 6d 12 22 d4 c6 77 34 59 35 42 fd 3c 5c ef 3d 21 62 d2 45 92 bf e9 35 cc 3c 1f a2 ba 92 46 c2 df be 11 a9 44 30 18 20 34 ad 72 19 f8 b8 8b 60 64 66 6d 4d f7 bd 7a 36 b8 ef 56 33 f3 2e 42 68 60 ae e6 45 a7 c0 b0 31 e0 40 36 62 30 0e 9c d4 e0 1f 10 55 8b c0 17 e8 80 05 76 9e a0 93 87 88 e2 41 5e 42 80 f0 7c d0 61
                                                                                                                                                                                                                        Data Ascii: v1i)mh`\GF""t+hKzLt5~xxK28P:(TLMh5lpE0(v4#1| -t"!pF0G< gtPbp?m"w4Y5B<\=!bE5<FD0 4r`dfmMz6V3.Bh`E1@6b0UvA^B|a


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
289         192.168.2.7  50022        203.205.137.139  443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:52:16 UTC  381                OUT        GET //im.qq.com_new/7bce6d6d/asset/favicon.ico HTTP/1.1
                                                                                                                                                                                                                        Host: qq-web.cdn-go.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:16 UTC  553                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Server: NWSs
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:16 GMT
                                                                                                                                                                                                                        Content-Type: image/vnd.microsoft.icon
                                                                                                                                                                                                                        Content-Length: 25393
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Expires: Sun, 17 Mar 2024 07:52:15 GMT
                                                                                                                                                                                                                        Last-Modified: Wed, 08 Feb 2023 09:21:48 GMT
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 4b56c924-6273-4b77-90bb-f0757d3052d9
                                                                                                                                                                                                                        Vary: Origin
                                                                                                                                                                                                                        Is-Immutable-In-The-Future: true
                                                                                                                                                                                                                        Timing-Allow-Origin: *
                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Disktank3
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-Daa-Tunnel: hop_count=1
                                                                                                                                                                                                                        X-Cache-Lookup: Hit From Inner Cluster


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
290         192.168.2.7  50024        129.226.107.134  443               2960  C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:52:16 UTC  1224               OUT        GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069935674&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:17 UTC  297                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:17 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:17 UTC  51                 IN         Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
291         192.168.2.7  50023        180.95.234.249   443               7832  C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp                Bytes transferred  Direction  Data
2024-02-16 07:52:17 UTC  610                OUT        GET /qzone/qzact/act/external/tiqq/logo.png HTTP/1.1
                                                                                                                                                                                                                        Host: qzonestyle.gtimg.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                                                                                                                        sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                        Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: image
                                                                                                                                                                                                                        Referer: https://im.qq.com/
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:18 UTC  716                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                        Last-Modified: Mon, 22 Jan 2024 04:49:09 GMT
                                                                                                                                                                                                                        Content-Type: image/webp
                                                                                                                                                                                                                        X-DataSrc: 1
                                                                                                                                                                                                                        Cache-Control: max-age=2592000
                                                                                                                                                                                                                        Age: 1202588
                                                                                                                                                                                                                        Content-Length: 8284
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 4502011706735034090
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Server: Lego Server
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:18 GMT
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Hit
                                                                                                                                                                                                                        Access-Control-Expose-Headers: x-client-proto-ver
                                                                                                                                                                                                                        alt-svc: quic=":443";ma=86400;v="39,38,37,36,35"
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Client-Ip
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Server-Ip
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Upstream-IP
                                                                                                                                                                                                                        X-Client-Ip: 191.96.227.222
                                                                                                                                                                                                                        X-Server-IP: 180.95.234.249_eth0
                                                                                                                                                                                                                        X-Upstream-IP: $upstream_server
                                                                                                                                                                                                                        X-Real-Ip: 191.96.227.222
                                                                                                                                                                                                                        Vary: Origin, Accept
2024-02-16 07:52:18 UTC | 8284 | IN | Data Raw: [image/webp response body, hex dump omitted]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
292 | 192.168.2.7 | 50025 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:19 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069938667&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:20 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:20 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:20 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
293 | 192.168.2.7 | 50026 | 61.241.148.229 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:20 UTC | 381 | OUT | GET /qzone/qzact/act/external/tiqq/logo.png HTTP/1.1
                                                                                                                                                                                                                        Host: qzonestyle.gtimg.cn
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                        Accept-Language: en-US,en;q=0.9
2024-02-16 07:52:20 UTC | 744 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Content-Type: image/png
                                                                                                                                                                                                                        X-DataSrc: 9
                                                                                                                                                                                                                        X-ReqGue: 0
                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                        Server: Lego Server
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:20 GMT
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Hit
                                                                                                                                                                                                                        Last-Modified: Thu, 23 Feb 2023 12:32:27 GMT
                                                                                                                                                                                                                        Cache-Control: max-age=0
                                                                                                                                                                                                                        Age: 0
                                                                                                                                                                                                                        Content-Length: 1710
                                                                                                                                                                                                                        X-NWS-LOG-UUID: 2311106480841783675
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        X-Cache-Lookup: Cache Miss
                                                                                                                                                                                                                        Access-Control-Expose-Headers: x-client-proto-ver
                                                                                                                                                                                                                        alt-svc: quic=":443";ma=86400;v="39,38,37,36,35"
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Client-Ip
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Server-Ip
                                                                                                                                                                                                                        Access-Control-Expose-Headers: X-Upstream-IP
                                                                                                                                                                                                                        X-Client-Ip: 191.96.227.222
                                                                                                                                                                                                                        X-Server-IP: 61.241.148.229_eth0
                                                                                                                                                                                                                        X-Upstream-IP: $upstream_server
                                                                                                                                                                                                                        X-Real-Ip: 191.96.227.222
                                                                                                                                                                                                                        Vary: Origin, Accept
2024-02-16 07:52:20 UTC | 1710 | IN | Data Raw: [image/png response body, hex dump omitted]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
294 | 192.168.2.7 | 50027 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:22 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069941673&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:23 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:23 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:23 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
295 | 192.168.2.7 | 50028 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:25 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069944665&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
                                                                                                                                                                                                                        2024-02-16 07:52:26 UTC297INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:26 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                        2024-02-16 07:52:26 UTC51INData Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
296 | 192.168.2.7 | 50029 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:28 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069947677&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: ssl.ptlogin2.qq.com
Connection: Keep-Alive
Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:29 UTC | 297 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:52:29 GMT
Content-Type: application/javascript
Content-Length: 51
Connection: close
Cache-Control: no-cache, no-store, must-revalidate
Expires: -1
Pragma: no-cache
Server: Tencent Login Server/2.0.0
Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:29 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
297 | 192.168.2.7 | 50032 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:32 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069950679&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: ssl.ptlogin2.qq.com
Connection: Keep-Alive
Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:32 UTC | 297 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:52:32 GMT
Content-Type: application/javascript
Content-Length: 51
Connection: close
Cache-Control: no-cache, no-store, must-revalidate
Expires: -1
Pragma: no-cache
Server: Tencent Login Server/2.0.0
Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:32 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
298 | 192.168.2.7 | 50033 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:35 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069953699&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
Accept: */*
Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
Accept-Language: en-CH
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
Host: ssl.ptlogin2.qq.com
Connection: Keep-Alive
Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:35 UTC | 297 | IN | HTTP/1.1 200 OK
Date: Fri, 16 Feb 2024 07:52:35 GMT
Content-Type: application/javascript
Content-Length: 51
Connection: close
Cache-Control: no-cache, no-store, must-revalidate
Expires: -1
Pragma: no-cache
Server: Tencent Login Server/2.0.0
Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:35 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
Data Ascii: ptuiCB('66','0','','0','', '')


                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                        299192.168.2.750035129.226.107.1344432960C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                        2024-02-16 07:52:38 UTC1224OUTGET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069956719&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
                                                                                                                                                                                                                        2024-02-16 07:52:38 UTC297INHTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:38 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:38 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
300 | 192.168.2.7 | 50036 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:41 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069959715&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:41 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:41 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:41 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
301 | 192.168.2.7 | 50037 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:44 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069962714&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:44 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:44 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:44 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
302 | 192.168.2.7 | 50038 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:47 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069966106&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:48 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:47 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:48 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
303 | 192.168.2.7 | 50039 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:50 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069968739&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:50 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:50 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:50 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
304 | 192.168.2.7 | 50040 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:53 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069971755&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:53 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:53 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:53 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
305 | 192.168.2.7 | 50041 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:56 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069974766&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:56 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:56 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:56 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
306 | 192.168.2.7 | 50042 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:52:59 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069977771&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:52:59 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:52:59 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:52:59 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
307 | 192.168.2.7 | 50043 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:53:02 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069980791&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:53:02 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:53:02 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:53:02 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
308 | 192.168.2.7 | 50044 | 142.250.80.78 | 443 | 7832 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:53:03 UTC | 449 | OUT | GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=0000000000000000000000000000000000000000A83DEAB4AE HTTP/1.1
                                                                                                                                                                                                                        Host: clients1.google.com
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
2024-02-16 07:53:03 UTC | 817 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-VslnWAefAdkFus4kSTUYPA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                                                                                                                                                                                                                        Content-Security-Policy: script-src 'report-sample' 'nonce-jk5skTf_A1Owgpa_w1sQUA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1
                                                                                                                                                                                                                        Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                        Content-Length: 220
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:53:03 GMT
                                                                                                                                                                                                                        Expires: Fri, 16 Feb 2024 07:53:03 GMT
                                                                                                                                                                                                                        Cache-Control: private, max-age=0
                                                                                                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                        Server: GSE
                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                        Connection: close
2024-02-16 07:53:03 UTC  220  IN  Data Raw: 72 6c 7a 43 31 3a 20 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 37 0a 72 6c 7a 43 32 3a 20 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 37 0a 72 6c 7a 43 37 3a 20 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 37 0a 64 63 63 3a 20 0a 73 65 74 5f 64 63 63 3a 20 43 31 3a 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 39 37 2c 43 32 3a 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 39 37 2c 43 37 3a 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 39 37 0a 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 2c 43 31 53 2c 43 37 53 0a 73 74 61 74 65 66 75 6c 2d 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 0a 63 72 63 33 32 3a 20 38 39 64 63 30 38 66 37 0a
                                                                                                                                                                                                                        Data Ascii: rlzC1: 1C1ONGR_enUS1097rlzC2: 1C2ONGR_enUS1097rlzC7: 1C7ONGR_enUS1097dcc: set_dcc: C1:1C1ONGR_enUS1097,C2:1C2ONGR_enUS1097,C7:1C7ONGR_enUS1097events: C1I,C2I,C7I,C1S,C7Sstateful-events: C1I,C2I,C7Icrc32: 89dc08f7


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
309         192.168.2.7  50045        129.226.107.134  443               2960  C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-16 07:53:05 UTC  1224  OUT  GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069983802&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:53:05 UTC  297  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:53:05 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:53:05 UTC  51  IN  Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
310         192.168.2.7  50046        129.226.107.134  443               2960  C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-16 07:53:08 UTC  1224  OUT  GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069986807&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:53:08 UTC  297  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:53:08 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:53:08 UTC  51  IN  Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
311         192.168.2.7  50048        129.226.107.134  443               2960  C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-16 07:53:11 UTC  1224  OUT  GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069989816&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:53:11 UTC  297  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:53:11 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:53:11 UTC  51  IN  Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
312         192.168.2.7  50049        129.226.107.134  443               2960  C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-16 07:53:14 UTC  1224  OUT  GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069992816&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:53:14 UTC  297  IN  HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:53:14 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:53:14 UTC  51  IN  Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
313         192.168.2.7  50050        129.226.107.134  443               2960  C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp  Bytes transferred  Direction  Data
2024-02-16 07:53:17 UTC  1224  OUT  GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069995819&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:53:17 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:53:17 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:53:17 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
314 | 192.168.2.7 | 50051 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:53:20 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708069998824&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:53:20 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:53:20 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:53:20 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
315 | 192.168.2.7 | 50052 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:53:23 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708070001825&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:53:23 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:53:23 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:53:23 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
316 | 192.168.2.7 | 50053 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:53:26 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708070004829&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
2024-02-16 07:53:26 UTC | 297 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:53:26 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
2024-02-16 07:53:26 UTC | 51 | IN | Data Raw: 70 74 75 69 43 42 28 27 36 36 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e6 9c aa e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('66','0','','0','', '')


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
317 | 192.168.2.7 | 50054 | 129.226.107.134 | 443 | 2960 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
Timestamp | Bytes transferred | Direction | Data
2024-02-16 07:53:29 UTC | 1224 | OUT | GET /ptqrlogin?u1=http%3A%2F%2Fcf.qq.com%2Fact%2Fa20130607zc%2Findex.htm&ptqrtoken=532982231&ptredirect=1&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=0-0-1708070007827&js_ver=23111510&js_type=1&login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ&pt_uistyle=40&aid=21000124&daid=8&&o1vId=&pt_js_version=v1.48.1 HTTP/1.1
                                                                                                                                                                                                                        Accept: */*
                                                                                                                                                                                                                        Referer: https://ui.ptlogin2.qq.com/cgi-bin/login?appid=21000124&f_url=loginerroralert&s_url=http%3A//cf.qq.com/act/a20130607zc/index.htm&no_verifyimg=1&qlogin_jumpname=jump&daid=8&qlogin_param=u1%3Dhttp%3A//cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                                                                        Host: ssl.ptlogin2.qq.com
                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                        Cookie: pt_login_sig=mgGuZNZRD1XW3zpa8sMkMlKDBTN2Icfn48KLgX8rE1bxNOXMyejY-jNy-ww2S7gQ; pt_clientip=9641bf60e3def13a; pt_serverip=be0d7f000001db6b; pt_local_token=0.2604508956610375; qrsig=e90ad9e9afb2c0bcdffe493ed91684328433e2280adf3197e14599d5ad5827bf6b4ca4765a3b7b4c5325b0afe9b5942e0cd78ccef1147f2193a19eaa71a39e28; _qpsvr_localtk=0.6974370274355943
                                                                                                                                                                                                                        2024-02-16 07:53:29 UTC 297 IN HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Fri, 16 Feb 2024 07:53:29 GMT
                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                        Content-Length: 51
                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                        Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                        Expires: -1
                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                        Server: Tencent Login Server/2.0.0
                                                                                                                                                                                                                        Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                        2024-02-16 07:53:29 UTC51INData Raw: 70 74 75 69 43 42 28 27 36 35 27 2c 27 30 27 2c 27 27 2c 27 30 27 2c 27 e4 ba 8c e7 bb b4 e7 a0 81 e5 b7 b2 e5 a4 b1 e6 95 88 e3 80 82 27 2c 20 27 27 29
                                                                                                                                                                                                                        Data Ascii: ptuiCB('65','0','','0','', '')


                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                        Start time:08:51:09
                                                                                                                                                                                                                        Start date:16/02/2024
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.Evo-gen.10682.26428.exe
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        File size:475'136 bytes
                                                                                                                                                                                                                        MD5 hash:095CB2EF9C61816F0F00562532B04E54
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:6
                                                                                                                                                                                                                        Start time:10:49:34
                                                                                                                                                                                                                        Start date:16/02/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://txz.qq.com/p?k=zf9HFO9edW8NQ5ZR*h8OHbclJ87PJCpe&f=21000124
                                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:7
                                                                                                                                                                                                                        Start time:10:49:34
                                                                                                                                                                                                                        Start date:16/02/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1752,i,6384267855548143656,6449548652770198848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                        Start time:10:50:06
                                                                                                                                                                                                                        Start date:16/02/2024
                                                                                                                                                                                                                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3032 --field-trial-handle=1752,i,6384267855548143656,6449548652770198848,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                                                        Imagebase:0x7ff6c4390000
                                                                                                                                                                                                                        File size:3'242'272 bytes
                                                                                                                                                                                                                        MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
                                                                                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                          Execution Coverage:1.9%
                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                          Signature Coverage:17.6%
                                                                                                                                                                                                                          Total number of Nodes:1025
                                                                                                                                                                                                                          Total number of Limit Nodes:48
74379->74383 74381 49417b ctype 25 API calls 74380->74381 74384 4734d5 74381->74384 74382 473580 74385 49164e 30 API calls 74382->74385 74386 49417b ctype 25 API calls 74383->74386 74387 49417b ctype 25 API calls 74384->74387 74388 473591 74385->74388 74389 473543 74386->74389 74390 4734e1 74387->74390 74505 4942b4 74388->74505 74392 49417b ctype 25 API calls 74389->74392 74513 4947c1 23 API calls 74390->74513 74395 47354f 74392->74395 74398 49417b ctype 25 API calls 74395->74398 74396 4734ed 74396->74348 74397 49417b ctype 25 API calls 74399 4735aa HttpOpenRequestA 74397->74399 74400 47355b 74398->74400 74402 4735dc 74399->74402 74403 473629 HttpSendRequestA 74399->74403 74401 49417b ctype 25 API calls 74400->74401 74404 473567 74401->74404 74407 49417b ctype 25 API calls 74402->74407 74405 47364b 74403->74405 74406 47369a HttpQueryInfoA 74403->74406 74514 4947c1 23 API calls 74404->74514 74410 49417b ctype 25 API calls 74405->74410 74409 4736bb 74406->74409 74418 4736c7 74406->74418 74411 4735e8 74407->74411 74517 48359d 6 API calls _wctomb_s 74409->74517 74415 473657 74410->74415 74412 49417b ctype 25 API calls 74411->74412 74416 4735f4 74412->74416 74413 473573 74420 4737c2 74413->74420 74421 4737bb InternetCloseHandle 74413->74421 74417 49417b ctype 25 API calls 74415->74417 74419 49417b ctype 25 API calls 74416->74419 74422 473663 74417->74422 74518 473820 7 API calls 74418->74518 74425 473600 74419->74425 74420->74348 74421->74420 74423 49417b ctype 25 API calls 74422->74423 74426 47366f 74423->74426 74427 49417b ctype 25 API calls 74425->74427 74428 49417b ctype 25 API calls 74426->74428 74430 47360c 74427->74430 74431 47367b 74428->74431 74429 473709 74519 473a00 GetProcessHeap HeapFree 74429->74519 74434 49417b ctype 25 API calls 74430->74434 74435 49417b ctype 25 API calls 74431->74435 74432 473760 InternetReadFile 74432->74429 74436 473703 74432->74436 74438 473618 74434->74438 74439 473687 74435->74439 74436->74429 74436->74432 74520 473a90 7 API calls 
74436->74520 74437 47371c 74440 49417b ctype 25 API calls 74437->74440 74515 4947c1 23 API calls 74438->74515 74516 4947c1 23 API calls 74439->74516 74444 473728 74440->74444 74447 49417b ctype 25 API calls 74444->74447 74445 473624 74445->74413 74449 4737b0 InternetCloseHandle 74445->74449 74446 473693 74446->74445 74448 473734 74447->74448 74450 49417b ctype 25 API calls 74448->74450 74449->74413 74451 473740 74450->74451 74452 49417b ctype 25 API calls 74451->74452 74453 47374c 74452->74453 74454 49417b ctype 25 API calls 74453->74454 74455 473758 74454->74455 74521 4947c1 23 API calls 74455->74521 74457->74350 74522 494799 GetLastError 74458->74522 74460 473413 74461 4941e9 74460->74461 74462 4941fd 74461->74462 74468 494210 ctype 74461->74468 74463 494212 lstrlenA 74462->74463 74464 494207 74462->74464 74466 49421f 74463->74466 74463->74468 74525 499b0d 59 API calls ctype 74464->74525 74526 493fe8 74466->74526 74468->74360 74542 48582f 74469->74542 74471 491664 74549 4915d6 74471->74549 74474 49417b 74475 49418b InterlockedDecrement 74474->74475 74476 473451 74474->74476 74475->74476 74477 494199 74475->74477 74479 49d344 74476->74479 74583 49406a 24 API calls ctype 74477->74583 74480 473477 74479->74480 74481 49d361 ctype 74479->74481 74480->74367 74499 4732a0 74480->74499 74584 4945ab 27 API calls ctype 74481->74584 74483 49d38c 74585 4945ab 27 API calls ctype 74483->74585 74485 49d3a3 74586 4945ab 27 API calls ctype 74485->74586 74487 49d3ba 74587 4945ab 27 API calls ctype 74487->74587 74489 49d3c9 74588 49d210 26 API calls ctype 74489->74588 74491 49d3df 74589 4945fa 28 API calls 74491->74589 74493 49d3ed 74590 4945fa 28 API calls 74493->74590 74495 49d3f6 74591 4945fa 28 API calls 74495->74591 74497 49d3ff 74592 4945fa 28 API calls 74497->74592 74500 4732d8 74499->74500 74501 4732a8 InternetOpenA 74499->74501 74500->74367 74500->74373 74501->74500 74503 473346 InternetSetOptionA InternetSetOptionA InternetSetOptionA 74502->74503 74503->74382 74506 4942c4 
74505->74506 74512 47359e 74505->74512 74507 4942db 74506->74507 74508 4942e8 74506->74508 74510 494287 ctype 27 API calls 74507->74510 74593 4940b2 25 API calls ctype 74508->74593 74510->74512 74511 4942ef InterlockedIncrement 74511->74512 74512->74397 74513->74396 74514->74413 74515->74445 74516->74446 74517->74418 74518->74436 74519->74437 74520->74436 74521->74446 74523 49e1bf ctype 21 API calls 74522->74523 74524 4947b2 SetLastError 74523->74524 74524->74460 74525->74468 74528 493ffd 74526->74528 74529 493ff4 74526->74529 74527 494005 74533 47ce5d 74527->74533 74528->74527 74531 494044 74528->74531 74529->74468 74532 493ebc ctype 22 API calls 74531->74532 74532->74529 74540 485704 74533->74540 74535 47ce67 EnterCriticalSection 74536 47ceb6 LeaveCriticalSection 74535->74536 74537 47ce85 74535->74537 74536->74529 74541 4939a5 22 API calls ctype 74537->74541 74539 47ce97 74539->74536 74540->74535 74541->74539 74543 48583a 74542->74543 74544 48584b 74542->74544 74543->74471 74560 48a894 22 API calls 2 library calls 74544->74560 74547 4858b5 74547->74471 74548 485854 74561 48a8f5 LeaveCriticalSection 74548->74561 74550 4915e0 __EH_prolog 74549->74550 74551 491603 74550->74551 74552 4915f5 74550->74552 74567 4941a5 24 API calls ctype 74551->74567 74562 493ef0 74552->74562 74555 491621 74557 493ef0 29 API calls 74555->74557 74556 473449 74556->74474 74558 49162d 74557->74558 74559 49417b ctype 25 API calls 74558->74559 74559->74556 74560->74548 74561->74547 74563 493f0d 74562->74563 74564 493eff InterlockedIncrement 74562->74564 74568 494304 74563->74568 74566 493f1d 74564->74566 74566->74556 74567->74555 74569 494310 74568->74569 74570 494314 lstrlenA 74568->74570 74573 494287 74569->74573 74570->74569 74572 494324 74572->74566 74576 494152 74573->74576 74575 494295 ctype 74575->74572 74577 494162 74576->74577 74578 494176 74577->74578 74582 4940b2 25 API calls ctype 74577->74582 74578->74575 74580 49416e 74581 493fe8 ctype 24 API calls 74580->74581 74581->74578 
74582->74580 74583->74476 74584->74483 74585->74485 74586->74487 74587->74489 74588->74491 74589->74493 74590->74495 74591->74497 74592->74480 74593->74511 74263 498606 74264 49860d ShowWindow 74263->74264 74265 49861c 74263->74265 74264->74265 74266 495e26 74267 49e254 ctype 7 API calls 74266->74267 74270 495e3a 74267->74270 74268 495e84 74272 495e88 74268->74272 74273 495cc7 74268->74273 74270->74268 74300 4979a1 7 API calls 74270->74300 74301 485704 74273->74301 74275 495cd1 GetPropA 74276 495db1 74275->74276 74277 495d04 74275->74277 74307 495bca 51 API calls ctype 74276->74307 74279 495d0d 74277->74279 74280 495d90 74277->74280 74283 495d6c SetWindowLongA RemovePropA GlobalFindAtomA GlobalDeleteAtom 74279->74283 74284 495d12 74279->74284 74305 495bca 51 API calls ctype 74280->74305 74282 495db9 74308 495bca 51 API calls ctype 74282->74308 74288 495dcf CallWindowProcA 74283->74288 74287 495d1d 74284->74287 74284->74288 74285 495d96 74306 495989 59 API calls 74285->74306 74302 495bca 51 API calls ctype 74287->74302 74292 495d58 74288->74292 74290 495dc1 74309 495928 57 API calls 74290->74309 74292->74272 74293 495da8 74296 495dcb 74293->74296 74295 495d23 74303 49588c GetWindowRect GetWindowLongA 74295->74303 74296->74288 74296->74292 74298 495d33 CallWindowProcA 74304 4958af 85 API calls 74298->74304 74300->74268 74301->74275 74302->74295 74303->74298 74304->74292 74305->74285 74306->74293 74307->74282 74308->74290 74309->74296 75156 49ed66 75161 49ed70 75156->75161 75158 49ed6b 75169 48462f 28 API calls 75158->75169 75160 49ed84 75162 49ede2 GetVersion 75161->75162 75163 49ee23 GetProcessVersion 75162->75163 75164 49ee35 75162->75164 75163->75164 75170 49a253 KiUserCallbackDispatcher GetSystemMetrics 75164->75170 75166 49ee3c 75177 49a20f 7 API calls 75166->75177 75168 49ee46 LoadCursorA LoadCursorA 75168->75158 75169->75160 75171 49a279 75170->75171 75172 49a272 75170->75172 75179 49edc0 GetSystemMetrics GetSystemMetrics 75171->75179 75178 49ed90 
GetSystemMetrics GetSystemMetrics 75172->75178 75175 49a277 75176 49a27e GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 75175->75176 75176->75166 75177->75168 75178->75175 75179->75176 74594 42c6f0 74595 493ebc ctype 22 API calls 74594->74595 74596 42c712 74595->74596 74597 42c754 74596->74597 74625 42bd90 74596->74625 74599 42c750 74599->74597 74634 42bf00 74599->74634 74604 496126 32 API calls 74605 42c885 74604->74605 74605->74597 74643 42ca20 74605->74643 74608 42c8b2 SendMessageA 74609 42c8d1 SendMessageA 74608->74609 74613 42c8e3 74608->74613 74609->74613 74611 42c9cf SendMessageA SendMessageA 74678 42be80 GetWindowLongA SetWindowLongA SetWindowPos 74611->74678 74613->74611 74675 49801f 40 API calls ctype 74613->74675 74614 42ca03 74616 42c91b 74617 496126 32 API calls 74616->74617 74619 42c94c 74617->74619 74618 42c950 74618->74611 74619->74618 74620 42c98c SendMessageA 74619->74620 74621 42c9c2 74620->74621 74622 42c9b9 74620->74622 74677 42e9b0 59 API calls 74621->74677 74676 498648 EnableWindow 74622->74676 74627 42bdb1 74625->74627 74626 42be5d 74626->74599 74627->74626 74679 49b1a0 22 API calls 2 library calls 74627->74679 74629 42be0c 74680 49b27c 25 API calls 2 library calls 74629->74680 74631 42be33 74681 49ba84 32 API calls 2 library calls 74631->74681 74633 42be47 74633->74599 74635 42bf13 CreateSolidBrush 74634->74635 74636 42bf0b GetSysColor 74634->74636 74637 49af18 74635->74637 74636->74635 74638 49af28 74637->74638 74639 42c84a 74637->74639 74682 49ae91 50 API calls 2 library calls 74638->74682 74639->74604 74641 49af2f 74683 493b3d 22 API calls ctype 74641->74683 74644 42ca56 74643->74644 74645 42ca4a 74643->74645 74684 49ac70 74644->74684 74645->74644 74697 49af6f 51 API calls 74645->74697 74648 42ca97 74700 49a530 53 API calls 74648->74700 74651 42caa2 GetTextExtentPoint32A GetSystemMetrics 74653 42cae2 74651->74653 74654 42caec GetWindowRect 74651->74654 74701 49a56c 52 API calls 74653->74701 74657 42cb02 74654->74657 74658 42cb2e 
74654->74658 74655 42ca80 74655->74648 74661 42ca87 74655->74661 74657->74658 74664 4985b7 SetWindowPos 74657->74664 74659 42cb32 74658->74659 74660 42cb40 GetStockObject 74658->74660 74662 42cb51 SendMessageA 74659->74662 74660->74662 74699 49a56c 52 API calls 74661->74699 74665 42cb74 74662->74665 74666 42cb5e 74662->74666 74664->74658 74691 49ace2 74665->74691 74668 4985b7 SetWindowPos 74666->74668 74667 42ca93 74667->74651 74668->74665 74671 4985b7 74672 4985c1 SetWindowPos 74671->74672 74673 4985e6 74671->74673 74672->74673 74673->74608 74675->74616 74676->74621 74677->74618 74678->74614 74679->74629 74680->74631 74681->74633 74682->74641 74683->74639 74685 49ac7a __EH_prolog 74684->74685 74686 49ac9a GetDC 74685->74686 74687 49a3d8 50 API calls 74686->74687 74688 49acac 74687->74688 74689 42ca62 74688->74689 74702 49b01f RaiseException ctype 74688->74702 74689->74648 74698 42bf40 52 API calls 74689->74698 74692 49acec __EH_prolog 74691->74692 74703 49a40f 74692->74703 74697->74644 74698->74655 74699->74667 74700->74651 74701->74654 74704 49a41a 74703->74704 74705 49a430 ReleaseDC 74703->74705 74714 49a351 50 API calls 2 library calls 74704->74714 74709 49a456 74705->74709 74707 49a421 74707->74705 74715 493b8d 22 API calls ctype 74707->74715 74710 49a460 __EH_prolog 74709->74710 74711 42c895 74710->74711 74712 49a40f ctype 50 API calls 74710->74712 74711->74608 74711->74671 74713 49a479 DeleteDC 74712->74713 74713->74711 74714->74707 74715->74705 74716 433290 74717 43330b 74716->74717 74718 433299 74716->74718 74718->74717 74719 4332d6 KillTimer 74718->74719 74720 4332e5 74718->74720 74719->74720 74720->74717 74721 4332ec SetTimer 74720->74721 74756 43e6b0 74757 493ebc ctype 22 API calls 74756->74757 74758 43e6d6 74757->74758 74759 43e6ee 74758->74759 74818 43fa30 CreateEventA 74758->74818 74761 42bd90 32 API calls 74759->74761 74762 43e700 74759->74762 74763 43e719 74761->74763 74763->74762 74764 43e846 GetSystemMetrics GetSystemMetrics 74763->74764 74765 
43e820 74763->74765 74764->74765 74795 43e610 74765->74795 74768 496126 32 API calls 74769 43e931 74768->74769 74770 43e935 74769->74770 74771 43e94b 74769->74771 74770->74762 74772 43e93d DestroyMenu 74770->74772 74804 43ea60 GetWindowLongA SetWindowLongA SetWindowPos GetWindowLongA 74771->74804 74772->74762 74774 43e952 GetWindowRect 74775 43e96f 74774->74775 74776 43e992 74775->74776 74819 498576 MoveWindow 74775->74819 74805 43e4f0 74776->74805 74780 43e9ac GetStockObject 74821 49af03 50 API calls 74780->74821 74783 43e9ba 74784 43e9c1 SendMessageA 74783->74784 74785 43e9be 74783->74785 74786 43e9d9 SetWindowPos 74784->74786 74787 43e9ef 74784->74787 74785->74784 74786->74787 74788 43e9f6 GetSystemMenu 74787->74788 74789 43ea1d 74787->74789 74822 499633 50 API calls ctype 74788->74822 74823 43e430 70 API calls 74789->74823 74792 43ea08 74792->74789 74794 43ea0c DeleteMenu 74792->74794 74793 43ea23 74793->74762 74794->74789 74796 49dc37 ctype 28 API calls 74795->74796 74797 43e61b GetClassInfoA 74796->74797 74799 43e642 LoadCursorA GetStockObject 74797->74799 74800 43e69f 74797->74800 74824 49676a 32 API calls 2 library calls 74799->74824 74800->74768 74802 43e695 74802->74800 74825 49b01f RaiseException ctype 74802->74825 74804->74774 74806 43e504 74805->74806 74826 4443e0 74806->74826 74808 43e51d 74809 4443e0 58 API calls 74808->74809 74815 43e52a 74809->74815 74810 43e582 SendMessageA SendMessageA 74811 43e5bf 74810->74811 74812 43e5bc DestroyCursor 74810->74812 74813 43e5c9 DestroyCursor 74811->74813 74814 43e5cc 74811->74814 74812->74811 74813->74814 74814->74780 74820 43ff30 73 API calls ctype 74814->74820 74815->74810 74816 43e578 74815->74816 74842 43b970 74815->74842 74816->74810 74818->74759 74819->74776 74820->74780 74821->74783 74822->74792 74823->74793 74824->74802 74827 4444bc 74826->74827 74828 444409 74826->74828 74827->74808 74828->74827 74846 44ad00 48 API calls ctype 74828->74846 74830 444442 74831 444448 74830->74831 74832 4444ab 
74830->74832 74834 444460 DestroyCursor 74831->74834 74835 44446a 74831->74835 74850 49ba84 32 API calls 2 library calls 74832->74850 74834->74835 74836 444477 74835->74836 74847 493ee5 22 API calls ctype 74835->74847 74848 493ee5 22 API calls ctype 74836->74848 74839 444483 74849 49ba84 32 API calls 2 library calls 74839->74849 74841 444497 74841->74808 74843 43b99f 74842->74843 74844 43b984 GetModuleHandleA 74842->74844 74843->74816 74851 444aa0 LoadImageA LoadImageA 74844->74851 74846->74830 74847->74836 74848->74839 74849->74841 74850->74827 74851->74843 75104 43bd50 75105 43bd5e 75104->75105 75106 49900f 28 API calls 75105->75106 75107 43bd68 75105->75107 75108 43bd79 75106->75108 75108->75107 75109 495bf1 50 API calls 75108->75109 75110 43bdb6 SendMessageA 75108->75110 75111 43bdd9 GetParent 75108->75111 75109->75108 75110->75108 75111->75107 75111->75108 75112 441750 75113 495b31 23 API calls 75112->75113 75116 44175e 75113->75116 75114 4418a1 IsWindow 75115 4418b2 KiUserCallbackDispatcher IsWindow 75114->75115 75129 4419ac 75114->75129 75121 4418c7 75115->75121 75115->75129 75116->75114 75117 441799 GetParent 75116->75117 75116->75129 75139 495bca 51 API calls ctype 75117->75139 75118 441922 75122 44196b IsWindow 75118->75122 75120 4417a6 75120->75114 75140 49862d IsWindowEnabled 75120->75140 75121->75118 75123 441917 IsWindow 75121->75123 75124 441978 75122->75124 75122->75129 75123->75118 75123->75129 75126 441986 GetFocus 75124->75126 75124->75129 75127 441992 IsWindow 75126->75127 75126->75129 75128 44199d IsChild 75127->75128 75127->75129 75128->75129 75130 441837 IsWindow 75134 4417c1 75130->75134 75131 441855 GetParent 75141 495bca 51 API calls ctype 75131->75141 75133 441866 IsWindowVisible 75133->75134 75134->75114 75134->75130 75134->75131 75134->75133 75136 441887 SetActiveWindow 75134->75136 75142 49862d IsWindowEnabled 75134->75142 75143 495bca 51 API calls ctype 75136->75143 75138 441897 75139->75120 75140->75134 75141->75134 75142->75134 
75143->75138 74049 479270 74061 493ebc 74049->74061 74051 47928e 74052 4792ba 74051->74052 74065 479da0 74051->74065 74054 4792e0 74055 4792e4 74054->74055 74056 479301 GetStockObject LoadCursorA 74054->74056 74074 49680b 74056->74074 74063 493ec2 74061->74063 74064 493ee0 74063->74064 74094 484317 74063->74094 74064->74051 74067 479dc1 74065->74067 74066 479e6d 74066->74054 74067->74066 74125 49b1a0 22 API calls 2 library calls 74067->74125 74069 479e1c 74126 49b27c 25 API calls 2 library calls 74069->74126 74071 479e43 74127 49ba84 32 API calls 2 library calls 74071->74127 74073 479e57 74073->74054 74128 49da05 74074->74128 74079 49684c wsprintfA 74080 496866 GetClassInfoA 74079->74080 74082 47935e 74080->74082 74083 496876 74080->74083 74081 496837 wsprintfA 74081->74080 74087 496126 74082->74087 74136 49676a 32 API calls 2 library calls 74083->74136 74085 4968ad 74085->74082 74137 49b01f RaiseException ctype 74085->74137 74088 49dc37 ctype 28 API calls 74087->74088 74089 496170 74088->74089 74090 479368 74089->74090 74170 496098 74089->74170 74097 484329 74094->74097 74098 484326 74097->74098 74100 484330 _wctomb_s 74097->74100 74098->74063 74100->74098 74101 484355 74100->74101 74102 484382 74101->74102 74103 4843c5 74101->74103 74109 4843b0 74102->74109 74119 48a894 22 API calls 2 library calls 74102->74119 74103->74109 74110 4843e7 74103->74110 74105 484398 74120 48bf11 5 API calls __startOneArgErrorHandling 74105->74120 74106 484434 RtlAllocateHeap 74108 4843b7 74106->74108 74108->74100 74109->74106 74109->74108 74122 48a894 22 API calls 2 library calls 74110->74122 74111 4843a3 74121 4843bc LeaveCriticalSection _wctomb_s 74111->74121 74114 4843ee 74123 48c9b4 6 API calls 2 library calls 74114->74123 74116 484401 74124 48441b LeaveCriticalSection _wctomb_s 74116->74124 74118 48440e 74118->74108 74118->74109 74119->74105 74120->74111 74121->74109 74122->74114 74123->74116 74124->74118 74125->74069 74126->74071 74127->74073 74138 49e1bf 74128->74138 74131 
49dc37 74132 49e1bf ctype 21 API calls 74131->74132 74133 49dc46 74132->74133 74134 496823 74133->74134 74162 49e254 74133->74162 74134->74079 74134->74081 74136->74085 74139 49e1f5 TlsGetValue 74138->74139 74141 49e1c8 74138->74141 74142 49e208 74139->74142 74140 49e1e2 74149 49de58 EnterCriticalSection 74140->74149 74141->74140 74159 49ddbf RaiseException TlsAlloc InitializeCriticalSection ctype 74141->74159 74144 49e21b 74142->74144 74145 496819 74142->74145 74160 49dfc7 8 API calls ctype 74144->74160 74145->74131 74147 49e1f3 74147->74139 74154 49de77 74149->74154 74150 49df48 LeaveCriticalSection 74150->74147 74151 49df33 ctype 74151->74150 74152 49deb1 GlobalAlloc 74155 49dee6 74152->74155 74153 49dec4 GlobalHandle GlobalUnlock GlobalReAlloc 74153->74155 74154->74151 74154->74152 74154->74153 74156 49df0f GlobalLock 74155->74156 74157 49def4 GlobalHandle GlobalLock LeaveCriticalSection 74155->74157 74156->74151 74161 491a7e RaiseException ctype 74157->74161 74159->74140 74160->74145 74163 49e25e __EH_prolog 74162->74163 74164 49e28c 74163->74164 74168 49ef43 6 API calls ctype 74163->74168 74164->74134 74166 49e275 74169 49efb3 LeaveCriticalSection 74166->74169 74168->74166 74169->74164 74171 49e1bf ctype 21 API calls 74170->74171 74172 4960a9 74171->74172 74173 4960dc CreateWindowExA 74172->74173 74174 4960ba GetCurrentThreadId SetWindowsHookExA 74172->74174 74177 4960e4 74173->74177 74174->74173 74175 4960d7 74174->74175 74184 491a7e RaiseException ctype 74175->74184 74178 49e1bf ctype 21 API calls 74177->74178 74179 4960f4 74178->74179 74180 49dc37 ctype 28 API calls 74179->74180 74181 4960fb 74180->74181 74182 496113 74181->74182 74183 496108 UnhookWindowsHookEx 74181->74183 74182->74090 74183->74182 75180 472f30 75181 472f52 75180->75181 75184 473020 75181->75184 75187 4a0e66 75184->75187 75186 472f92 75188 4a0e70 __EH_prolog 75187->75188 75189 49e254 ctype 7 API calls 75188->75189 75190 4a0e88 75189->75190 75191 4a0ebb 75190->75191 75192 4a0e9e 
WSAStartup 75190->75192 75193 49dc5d ctype 28 API calls 75191->75193 75194 4a0ead 75192->75194 75195 4a0ef0 75192->75195 75196 4a0ec7 75193->75196 75194->75191 75197 4a0eeb WSACleanup 75194->75197 75195->75186 75198 493ebc ctype 22 API calls 75196->75198 75199 4a0ed5 ctype 75196->75199 75197->75195 75198->75199 75200 4a0f09 ctype 75199->75200 75201 493ebc ctype 22 API calls 75199->75201 75200->75195 75202 493ebc ctype 22 API calls 75200->75202 75201->75200 75202->75195 74185 495c76 74186 495c88 74185->74186 74187 495c83 74185->74187 74193 495bf1 74186->74193 74189 495c91 74190 495cac DefWindowProcA 74189->74190 74191 495c9a 74189->74191 74190->74187 74196 4959ff 74191->74196 74206 495b58 74193->74206 74195 495bf8 ctype 74195->74189 74197 495a09 __EH_prolog 74196->74197 74198 49e1bf ctype 21 API calls 74197->74198 74199 495a21 74198->74199 74200 495a7e 74199->74200 74226 49588c GetWindowRect GetWindowLongA 74199->74226 74220 496a2d 74200->74220 74204 495aa7 74204->74187 74207 495b62 __EH_prolog 74206->74207 74214 49dc5d 74207->74214 74209 495b68 ctype 74210 493ebc ctype 22 API calls 74209->74210 74213 495ba6 ctype 74209->74213 74211 495b8a 74210->74211 74211->74213 74219 499cbb 22 API calls 2 library calls 74211->74219 74213->74195 74215 49dc37 ctype 28 API calls 74214->74215 74216 49dc62 74215->74216 74217 49e1bf ctype 21 API calls 74216->74217 74218 49dc73 74217->74218 74218->74209 74219->74213 74228 495b31 74220->74228 74233 479940 74220->74233 74221 496a4f 74222 495a8f 74221->74222 74240 496463 74221->74240 74222->74204 74227 4958af 85 API calls 74222->74227 74226->74200 74227->74204 74229 49e1bf ctype 21 API calls 74228->74229 74230 495b43 74229->74230 74232 496463 2 API calls 74230->74232 74231 495b56 74231->74221 74232->74231 74245 49add8 74233->74245 74237 479979 74253 49ae4a 52 API calls 2 library calls 74237->74253 74239 47998a 74239->74221 74241 496470 74240->74241 74242 496492 CallWindowProcA 74240->74242 74241->74242 74244 49647e DefWindowProcA 
74241->74244 74243 4964a5 74242->74243 74243->74222 74244->74243 74246 49ade2 __EH_prolog 74245->74246 74247 49adee BeginPaint 74246->74247 74254 49a3d8 74247->74254 74250 479965 74252 4799d0 69 API calls ctype 74250->74252 74252->74237 74253->74239 74255 49a3e8 74254->74255 74259 49a3e4 74254->74259 74261 49a351 50 API calls 2 library calls 74255->74261 74257 49a3ef 74262 493b3d 22 API calls ctype 74257->74262 74259->74250 74260 49b01f RaiseException ctype 74259->74260 74261->74257 74262->74259

Control-flow Graph

APIs
  • Part of subcall function 0049417B: InterlockedDecrement.KERNEL32(-000000F4), ref: 0049418F
• InternetConnectA.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0047351C
• InternetCloseHandle.WININET(?), ref: 004737BC
  • Part of subcall function 00473330: InternetSetOptionA.WININET(00000000,00000026,00000003,0000000C), ref: 0047336E
  • Part of subcall function 00473330: InternetSetOptionA.WININET(?,0000002B,?,?), ref: 00473380
  • Part of subcall function 00473330: InternetSetOptionA.WININET(?,0000002C,?,?), ref: 0047338E
• HttpOpenRequestA.WININET(00000000,GET,?,HTTP/1.0,00000000,?,84000000,00000000), ref: 004735CD
• HttpSendRequestA.WININET(00000000,Accept: */*,?,00000000,00000000), ref: 00473641
• InternetCloseHandle.WININET(00000000), ref: 004737B1
Strings
Memory Dump Source
• Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Internet$Option$CloseHandleHttpRequest$ConnectDecrementInterlockedOpenSend
                                                                                                                                                                                                                          • String ID: $Accept: */*$GET$HTTP/1.0
                                                                                                                                                                                                                          • API String ID: 2275469768-4025763747
                                                                                                                                                                                                                          • Opcode ID: 4762f8fee7101a6886e30b02c21c1ffd8523c06613a4760d4fb6414aa9b72dbc
                                                                                                                                                                                                                          • Instruction ID: 35c1770a25e9f91410c2f09b93f4dfca71267257ef133d006aba474f7997ba62
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4762f8fee7101a6886e30b02c21c1ffd8523c06613a4760d4fb6414aa9b72dbc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FAD180B4800248EADF04DFE5C949EEEBFB4AFA8318F10815EE41563381DB785B45DB66
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

Control-flow Graph: code starting at 0043AE00 (graph not reproduced)
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,004CB2A0), ref: 0043AE67
                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,?,004DBD1C), ref: 0043AF57
                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,?), ref: 0043AF9D
                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,?,004DBC18,00000001), ref: 0043AFE5
                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00000001), ref: 0043AFFB
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0043B00D
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 0043B0A0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Library$Load$AddressProc$Free
                                                                                                                                                                                                                          • String ID: T;L
                                                                                                                                                                                                                          • API String ID: 3120990465-3610033661
                                                                                                                                                                                                                          • Opcode ID: d49387b95176f0505dbef8373d7e0b7d8f730fd68df97a4db8b035bfdf869865
                                                                                                                                                                                                                          • Instruction ID: 0ebeeb5ac897a9d231f15d9b64a6ab16ae48f1f621a04b97fb62874fd8743950
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d49387b95176f0505dbef8373d7e0b7d8f730fd68df97a4db8b035bfdf869865
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2A1AF71600701ABC714EF65C881FABB7A8FF99318F044A2EF96597341D738E9058BDA
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

Control-flow Graph: code starting at 0045F1A0 (graph not reproduced)
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetProcessHeap.KERNEL32 ref: 0045F1C9
                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 0045F205
                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0045F223
                                                                                                                                                                                                                          • SetCurrentDirectoryA.KERNEL32(023C5BD0,?), ref: 0045F27D
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 0045F2D8
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 0045F2F9
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0045F319
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Current$CursorDirectoryFileHeapInitializeLoadModuleNameObjectProcessStockThread
                                                                                                                                                                                                                          • String ID: http://cf.qq.com/act/a20130607zc/index.htm
                                                                                                                                                                                                                          • API String ID: 3783217854-880187988
                                                                                                                                                                                                                          • Opcode ID: 8dc5760ea945ca7f0b8837760e96d23d62cc4b59a931d9759ada924ca550938b
                                                                                                                                                                                                                          • Instruction ID: b4504d1d5bf516e28ae009112db1bf1e501c64b1a24bc67f108ea9ea5b127444
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8dc5760ea945ca7f0b8837760e96d23d62cc4b59a931d9759ada924ca550938b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DBE1F170A002159BCB14DF54CC81FEE7BB4FF45309F14417EE905AB292DB38A94ACBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          control_flow_graph 817 49ed70-49ee21 GetVersion 819 49ee23-49ee32 GetProcessVersion 817->819 820 49ee35-49ee37 call 49a253 817->820 819->820 822 49ee3c-49ee7c call 49a20f LoadCursorA * 2 820->822
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetVersion.KERNEL32(?,?,?,0049ED6B), ref: 0049EDE7
                                                                                                                                                                                                                          • GetProcessVersion.KERNEL32(00000000,?,?,?,0049ED6B), ref: 0049EE24
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F02), ref: 0049EE52
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 0049EE5D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CursorLoadVersion$Process
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2246821583-0
                                                                                                                                                                                                                          • Opcode ID: fa19848ba7c79fe4a8bccfb162acd32d8be282cd832b5fab8679433175103524
                                                                                                                                                                                                                          • Instruction ID: bf6c1c196c322d6507343555e3f4b58bb4b2ba2007872ae0083bb62e481d1d8d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa19848ba7c79fe4a8bccfb162acd32d8be282cd832b5fab8679433175103524
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 26114CB1A407508FDB24DF3A888462ABBE5FB487047514D3FE18BC6B91D7B8E4418B94
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049E1BF: TlsGetValue.KERNEL32(004FB50C,0043B1CC,00000100,0049DC46,0049D53B,00499B97,00000100,00499B30,00000000,?,00000100,0043B1CC,0043B1CC), ref: 0049E1FE
                                                                                                                                                                                                                          • CallNextHookEx.USER32(?,00000003,?,?), ref: 00495ECC
                                                                                                                                                                                                                          • GetClassLongA.USER32(?,000000E6), ref: 00495F13
                                                                                                                                                                                                                          • GlobalGetAtomNameA.KERNEL32(?,?,00000005), ref: 00495F3F
                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(?,ime), ref: 00495F4E
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000FC), ref: 00495FC1
                                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000FC,00000000), ref: 00495FE2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Long$Window$AtomCallClassGlobalHookNameNextValuelstrcmpi
                                                                                                                                                                                                                          • String ID: AfxOldWndProc423$ime
                                                                                                                                                                                                                          • API String ID: 3731301195-104836986
                                                                                                                                                                                                                          • Opcode ID: 1aaae7cba0a0d9957982813bc66ee8afd115594ec8e6e71b5c075e2792282bdd
                                                                                                                                                                                                                          • Instruction ID: 4a84445419f01dd6e325ae9e4bbac3e07b514cce1dde55d339d396347d99ffb8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1aaae7cba0a0d9957982813bc66ee8afd115594ec8e6e71b5c075e2792282bdd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E451AA71500615ABCF219F60DC48B6B3FA8EF09365F26463AF916A7291C738D944CBA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Parent$ActiveCallbackChildDispatcherEnabledFocusUserVisible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 416498738-0
                                                                                                                                                                                                                          • Opcode ID: faa777f26d08f7f221387c4e8a03371e434fe381599b33f54cd835b237c9d3c9
                                                                                                                                                                                                                          • Instruction ID: 056ddd673dcd2db6e4cef8824ec76bbbe040e7d668fef6c4208c62b0fe3f0777
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: faa777f26d08f7f221387c4e8a03371e434fe381599b33f54cd835b237c9d3c9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 885193B1A047059BE7249FA5D880A5BFBE8FF44344F14492FF94593321DB38E885CBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00495CCC
                                                                                                                                                                                                                          • GetPropA.USER32(?,AfxOldWndProc423), ref: 00495CE4
                                                                                                                                                                                                                          • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 00495D42
                                                                                                                                                                                                                            • Part of subcall function 004958AF: GetWindowRect.USER32(?,?), ref: 004958D4
                                                                                                                                                                                                                            • Part of subcall function 004958AF: GetWindow.USER32(?,00000004), ref: 004958F1
                                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000FC,?), ref: 00495D72
                                                                                                                                                                                                                          • RemovePropA.USER32(?,AfxOldWndProc423), ref: 00495D7A
                                                                                                                                                                                                                          • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 00495D81
                                                                                                                                                                                                                          • GlobalDeleteAtom.KERNEL32(00000000), ref: 00495D88
                                                                                                                                                                                                                            • Part of subcall function 0049588C: GetWindowRect.USER32(?,?), ref: 00495898
                                                                                                                                                                                                                          • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 00495DDC
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prologLongRemove
                                                                                                                                                                                                                          • String ID: AfxOldWndProc423
                                                                                                                                                                                                                          • API String ID: 2397448395-1060338832
                                                                                                                                                                                                                          • Opcode ID: 46ec9fdcde1d0eb930dda6922b55f3dfb8cce611d9bab1a2a64ce06957ad6d35
                                                                                                                                                                                                                          • Instruction ID: 330660a909fc0498330539ef96410d79e7958e80996a18c4e138ae50f610b26d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46ec9fdcde1d0eb930dda6922b55f3dfb8cce611d9bab1a2a64ce06957ad6d35
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7D316F7280060ABFCF02AFA5DD49EFF7F79EF49311F24412AF511A2151C73989119B69
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(004FB528,004FB4FC,00000100,?,004FB50C,004FB50C,0049E1F3,0043B1CC,00000100,0049DC46,0049D53B,00499B97,00000100,00499B30,00000000,?), ref: 0049DE67
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00002002,00000000,00000000,?,004FB50C,004FB50C,0049E1F3,0043B1CC,00000100,0049DC46,0049D53B,00499B97,00000100,00499B30,00000000,?), ref: 0049DEBC
                                                                                                                                                                                                                          • GlobalHandle.KERNEL32(008A10D0), ref: 0049DEC5
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,004FB50C,004FB50C,0049E1F3,0043B1CC,00000100,0049DC46,0049D53B,00499B97,00000100,00499B30,00000000,?,00000100,0043B1CC), ref: 0049DECE
                                                                                                                                                                                                                          • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 0049DEE0
                                                                                                                                                                                                                          • GlobalHandle.KERNEL32(008A10D0), ref: 0049DEF7
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000,?,004FB50C,004FB50C,0049E1F3,0043B1CC,00000100,0049DC46,0049D53B,00499B97,00000100,00499B30,00000000,?,00000100,0043B1CC), ref: 0049DEFE
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(00000000,?,004FB50C,004FB50C,0049E1F3,0043B1CC,00000100,0049DC46,0049D53B,00499B97,00000100,00499B30,00000000,?,00000100,0043B1CC), ref: 0049DF04
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(?,?,004FB50C,004FB50C,0049E1F3,0043B1CC,00000100,0049DC46,0049D53B,00499B97,00000100,00499B30,00000000,?,00000100,0043B1CC), ref: 0049DF13
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,0043B1CC,0043B1CC), ref: 0049DF5C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2667261700-0
                                                                                                                                                                                                                          • Opcode ID: 03cc84430e29e0f8877c2b2deaa9bed8980e1f027d285c7e42e3c924bf84ac60
                                                                                                                                                                                                                          • Instruction ID: c868cbb7d0b101df7c7fa4dea82395fa46aa0d55c13069ce814a1221cf20c7e1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03cc84430e29e0f8877c2b2deaa9bed8980e1f027d285c7e42e3c924bf84ac60
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1D319E726007059FDB20EF28DC89A6ABBE9FB85305B05497EF862C7661E775E8048B14
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateSolidBrush.GDI32(00000000), ref: 0042C838
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000C5,?,00000000), ref: 0042C8C9
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000CC,?,00000000), ref: 0042C8E1
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000465,00000000,?), ref: 0042C9AB
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000B1,?,?), ref: 0042C9E8
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 0042C9F7
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$BrushCreateSolid
                                                                                                                                                                                                                          • String ID: EDIT$msctls_updown32
                                                                                                                                                                                                                          • API String ID: 943060551-1401569126
                                                                                                                                                                                                                          • Opcode ID: bc7f26dfd3c236cd0b985fafd8b6a26001bfdc3d03041e43fef48e386d65d425
                                                                                                                                                                                                                          • Instruction ID: b87a104d8ffd0ffaebf32d3bda2950ccbb7a520e6159777402097da3f267a851
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc7f26dfd3c236cd0b985fafd8b6a26001bfdc3d03041e43fef48e386d65d425
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5791D371704B219BE724DB28DC85F6BB6E5AB84700F50891EF296C7380DB78EC04CB99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: b0d18a20474f4e11890f54220ba12a85177d04dce50329253216e83a1162d9c8
                                                                                                                                                                                                                          • Instruction ID: b121e91b6f11d8f4b42813cee749e76605eebe6b975f87c2fcefca470009c6b0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b0d18a20474f4e11890f54220ba12a85177d04dce50329253216e83a1162d9c8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2CB17970A057009FD724DF66C885B2BBBE6BB88704F50992EF59287390D778E841CB5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 0047D7F8
                                                                                                                                                                                                                            • Part of subcall function 0047D5C5: CoGetClassObject.OLE32(00000000,?,00000000,004B3A08,00000003,?,?,?,?,0047D821,?,00000000,00000003,004B3BE8,?,?), ref: 0047D5E5
                                                                                                                                                                                                                            • Part of subcall function 0049B1A0: __EH_prolog.LIBCMT ref: 0049B1A5
                                                                                                                                                                                                                            • Part of subcall function 0049B27C: __EH_prolog.LIBCMT ref: 0049B281
                                                                                                                                                                                                                          • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?,?,00000000), ref: 0047D97E
                                                                                                                                                                                                                          • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?,?,00000000), ref: 0047D99F
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000000,00000000,?,00000000), ref: 0047D9E7
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000,?,00000000), ref: 0047D9F5
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(?,?,00000000), ref: 0047DA0D
                                                                                                                                                                                                                          • CreateILockBytesOnHGlobal.OLE32(?,00000001,?,?,00000000), ref: 0047DA30
                                                                                                                                                                                                                          • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?,?,00000000), ref: 0047DA4C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: GlobalLock$Bytes$CreateH_prolog$AllocClassDocfileObjectOpenStorageUnlock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 645133905-0
                                                                                                                                                                                                                          • Opcode ID: 8051b8c4e6b681fc7a1f34ade042b463decb4fa58fece56fc8ac16803d2fdae9
                                                                                                                                                                                                                          • Instruction ID: b71ee237a8196bf8b4eb074bb43977a73eb0c8f0e772065f36d4b32fb6c583d8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8051b8c4e6b681fc7a1f34ade042b463decb4fa58fece56fc8ac16803d2fdae9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DFB11BB0A1020AEFCB10DF65C884AAE7BB9FF48304B10856EF91AEB250D775DD51CB65
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTextExtentPoint32A.GDI32(?,004C3D48,?,?), ref: 0042CAC1
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000002E), ref: 0042CAD5
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0042CAF5
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 0042CB42
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 0042CB51
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExtentMessageMetricsObjectPoint32RectSendStockSystemTextWindow
                                                                                                                                                                                                                          • String ID: H=L
                                                                                                                                                                                                                          • API String ID: 3316701254-2487894127
                                                                                                                                                                                                                          • Opcode ID: 13f3baa99141d79ff74fa5b04e63792664c3a7038bfe047d46cb4d06830eef29
                                                                                                                                                                                                                          • Instruction ID: 7ea67549f302be89b942fdacd37c51f8feb1bbc67ac3fdbf529e925697ba80a4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 13f3baa99141d79ff74fa5b04e63792664c3a7038bfe047d46cb4d06830eef29
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F541C271344314AFD720DF65DC82F6F7BA8BB88714F404A2EF552962C0DA78E804CB5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004A04D5: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,?,?,00000000,?,00471D7B,?), ref: 004A04EE
                                                                                                                                                                                                                            • Part of subcall function 004A04D5: SysAllocStringLen.OLEAUT32(00000000,00000000), ref: 004A04F6
                                                                                                                                                                                                                            • Part of subcall function 004A04D5: MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,00471D7B,?), ref: 004A0514
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00471DA2
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?,00000000,00000000,00000000,?,00000000), ref: 00471E0B
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00471E1B
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00471E22
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00471E29
                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00471E2C
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00471E37
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClearVariant$ByteCharMultiStringWide$AllocFreelstrlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 242697304-0
                                                                                                                                                                                                                          • Opcode ID: 06066e5ebc6ff084c15b51a830824a9432edd60f92e0ece66a25f32af836c205
                                                                                                                                                                                                                          • Instruction ID: 9de0323b19098d3f25aa34f9c75f2295b6e47f06e261d0c6baa9cb85b9090dcb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 06066e5ebc6ff084c15b51a830824a9432edd60f92e0ece66a25f32af836c205
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 523161725043809FD310EB64CC85EAFBBE8FBD9754F044A1EF69683290DB749945CBA2
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(0000000B), ref: 0049A260
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000000C), ref: 0049A267
                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 0049A280
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 0049A291
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0049A299
                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 0049A2A1
                                                                                                                                                                                                                            • Part of subcall function 0049ED90: GetSystemMetrics.USER32(00000002), ref: 0049EDA2
                                                                                                                                                                                                                            • Part of subcall function 0049ED90: GetSystemMetrics.USER32(00000003), ref: 0049EDAC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MetricsSystem$CapsDevice$CallbackDispatcherReleaseUser
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1031845853-0
                                                                                                                                                                                                                          • Opcode ID: be172428d3cc6f71223f7aafbff020c32aa4814b935319fd148422a5f1b60c08
                                                                                                                                                                                                                          • Instruction ID: c6b4fb1edd507c04c2db8b207d4bb9be1fa2b25d27375e18bd3f64ad508e7f94
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: be172428d3cc6f71223f7aafbff020c32aa4814b935319fd148422a5f1b60c08
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AF0B470640700AAEB206B729C49F17BFA4EF86B55F15483FF645472D0CA75A805CFB9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                          control_flow_graph 793 43e4f0-43e502 794 43e504-43e506 793->794 795 43e508 793->795 796 43e50e-43e538 call 4443e0 * 2 794->796 795->796 801 43e582-43e5ba SendMessageA * 2 796->801 802 43e53a-43e540 796->802 803 43e5bf-43e5c7 801->803 804 43e5bc-43e5bd DestroyCursor 801->804 802->801 805 43e542-43e55e call 43bdf0 802->805 806 43e5c9-43e5ca DestroyCursor 803->806 807 43e5cc-43e5cf 803->807 804->803 812 43e560-43e562 805->812 813 43e57a-43e57e 805->813 806->807 809 43e5d1-43e5eb 807->809 810 43e5ec-43e606 807->810 812->813 814 43e564-43e573 call 43b970 812->814 813->801 816 43e578 814->816 816->801
                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000080,00000001,?), ref: 0043E598
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000080,00000000,?), ref: 0043E5AA
                                                                                                                                                                                                                          • DestroyCursor.USER32(?), ref: 0043E5BD
                                                                                                                                                                                                                          • DestroyCursor.USER32(?), ref: 0043E5CA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CursorDestroyMessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3501257726-0
                                                                                                                                                                                                                          • Opcode ID: 4cab12306ff32fdac26e2a977ac1e4b0b67744f6e0914a9a4f6e81ac4c3f7be2
                                                                                                                                                                                                                          • Instruction ID: 1886c34b85faf0cf5a598bfb0266d11a1230e0800298d77b089976e2772bf979
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4cab12306ff32fdac26e2a977ac1e4b0b67744f6e0914a9a4f6e81ac4c3f7be2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45314075705301AFE710DF66D881B97B7E8EFC8718F14881EF99587380E674E8098B66
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CoGetClassObject.OLE32(00000000,?,00000000,004B3A08,00000003,?,?,?,?,0047D821,?,00000000,00000003,004B3BE8,?,?), ref: 0047D5E5
                                                                                                                                                                                                                          • CoGetClassObject.OLE32(00000000,?,00000000,004B3BA8,?,?,?,?,?,0047D821,?,00000000,00000003,004B3BE8,?,?), ref: 0047D61D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClassObject
                                                                                                                                                                                                                          • String ID: ;K
                                                                                                                                                                                                                          • API String ID: 1165159591-965600188
                                                                                                                                                                                                                          • Opcode ID: b22900a01f8a5c15f09a5598445ac37ba863fab86c341bf2d7e8d2dbef14aa27
                                                                                                                                                                                                                          • Instruction ID: a887fca5d6e3f5d647fc33ff1a896272cac96ed34c4432a889075c71d7ce30ec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b22900a01f8a5c15f09a5598445ac37ba863fab86c341bf2d7e8d2dbef14aa27
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4311047A900109BFCF11DF95CC08C9A7BB9EF89351B108465FC1993220D336DE22DBA4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 0047D2FE
                                                                                                                                                                                                                            • Part of subcall function 0047D7F3: __EH_prolog.LIBCMT ref: 0047D7F8
                                                                                                                                                                                                                            • Part of subcall function 0049AC70: __EH_prolog.LIBCMT ref: 0049AC75
                                                                                                                                                                                                                            • Part of subcall function 0049AC70: GetDC.USER32(00000001), ref: 0049AC9E
                                                                                                                                                                                                                            • Part of subcall function 0049CFED: GetMapMode.GDI32(?,00000000,?,?,?,?,0047D2C2,?), ref: 0049CFFD
                                                                                                                                                                                                                            • Part of subcall function 0049ACE2: __EH_prolog.LIBCMT ref: 0049ACE7
                                                                                                                                                                                                                            • Part of subcall function 0049ACE2: ReleaseDC.USER32(?,00000000), ref: 0049AD06
                                                                                                                                                                                                                          • OffsetRect.USER32(?,FFFF8300,FFFF8300), ref: 0047D4A5
                                                                                                                                                                                                                          • OffsetRect.USER32(?,00007D00,00007D00), ref: 0047D4D6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: H_prolog$OffsetRect$ModeRelease
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2301652080-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 0043A7A9
                                                                                                                                                                                                                          • IsWindow.USER32 ref: 0043A7D7
                                                                                                                                                                                                                          • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 0043A8A6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessagePeek$Window
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1210580970-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000000), ref: 00471AB6
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 00471AC4
                                                                                                                                                                                                                            • Part of subcall function 0049680B: wsprintfA.USER32 ref: 00496841
                                                                                                                                                                                                                            • Part of subcall function 0049680B: GetClassInfoA.USER32(?,-00000058,?), ref: 0049686C
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00471AFC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClassClientCursorInfoLoadObjectRectStockwsprintf
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3405140970-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 004A0E6B
                                                                                                                                                                                                                            • Part of subcall function 0049E254: __EH_prolog.LIBCMT ref: 0049E259
                                                                                                                                                                                                                          • WSAStartup.WS2_32(00000101,?), ref: 004A0EA4
                                                                                                                                                                                                                          • WSACleanup.WS2_32 ref: 004A0EEB
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: H_prolog$CleanupStartup
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2723797291-0
                                                                                                                                                                                                                          • Opcode ID: 6739ca4789bb9cb99aa86bc17c09cfc92ab085780b85203d4c274c7d5639da7d
                                                                                                                                                                                                                          • Instruction ID: 1e23fd2c857faa5c9131fe3ec6620206f72cad48a9a2f5ff02ad29ebd400ada8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6739ca4789bb9cb99aa86bc17c09cfc92ab085780b85203d4c274c7d5639da7d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8431D671A04205AEDF30EF7684817AF7AE0AB1A314F10493FF15A9A6C0D778A980D759
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • InternetSetOptionA.WININET(00000000,00000026,00000003,0000000C), ref: 0047336E
                                                                                                                                                                                                                          • InternetSetOptionA.WININET(?,0000002B,?,?), ref: 00473380
                                                                                                                                                                                                                          • InternetSetOptionA.WININET(?,0000002C,?,?), ref: 0047338E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: InternetOption
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3327645240-0
                                                                                                                                                                                                                          • Opcode ID: 3d4d33d97454ff378275b413fad3f6e4c28c8de5c3381e31575ff7893979b12d
                                                                                                                                                                                                                          • Instruction ID: 9b889414de0c491f9ef42f2b8e918d5a9947ef2c4520e9295585a61a5bcd3348
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d4d33d97454ff378275b413fad3f6e4c28c8de5c3381e31575ff7893979b12d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F601FFB5604301AFE324DF15DC85E6BF7E8EB88711F04882EF99997350D774AD058BA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 0049958E
                                                                                                                                                                                                                          • TranslateMessage.USER32(?), ref: 004995AE
                                                                                                                                                                                                                          • DispatchMessageA.USER32(?), ref: 004995B5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$CallbackDispatchDispatcherTranslateUser
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2960505505-0
                                                                                                                                                                                                                          • Opcode ID: 62b1891d3303a9ecdd65fe5eb894c325b4bce3f71c897bd7ea06067f1bc63486
                                                                                                                                                                                                                          • Instruction ID: ad9eca2c856e38a23e0d33f291d5be6ca01f399a2d8e6f082ed228e4e793b1a8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 62b1891d3303a9ecdd65fe5eb894c325b4bce3f71c897bd7ea06067f1bc63486
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33E09233200500BFDB265B68AC4CD7B3BACEF82B1170A043EF402C6554C7A49C42CA69
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 00433240
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 0043324E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CursorLoadObjectStock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3794545487-0
                                                                                                                                                                                                                          • Opcode ID: c89de65ba6e5d308b237ab354b37a026eee9de5e819493d7412b56b6a2dfe641
                                                                                                                                                                                                                          • Instruction ID: d4d35b6d70666dfbad9c2a0565d353ebcffaf645b79b5370b8479e1cc731a480
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c89de65ba6e5d308b237ab354b37a026eee9de5e819493d7412b56b6a2dfe641
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90316971658710AFE314DF58CD41B6BB7E4EB88B04F108A2EFA5687380D779E9048B96
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 00479342
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 00479350
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CursorLoadObjectStock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3794545487-0
                                                                                                                                                                                                                          • Opcode ID: 6c84be22af9144c1a0549d8077badc9b2a32efe4abeaf3e34f9e410946893d61
                                                                                                                                                                                                                          • Instruction ID: cab9865e9f2781add75667a1a1626141ee1c2bb0ef045af07ae93df7a802d31b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c84be22af9144c1a0549d8077badc9b2a32efe4abeaf3e34f9e410946893d61
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E316F71658701AFE314DB58CD41F6BB7E4EB89B10F108A1DFA4987380D779AC01CB95
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00008002,00000000,00000000), ref: 0043BDBE
                                                                                                                                                                                                                          • GetParent.USER32(00000000), ref: 0043BDDA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageParentSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 928151917-0
                                                                                                                                                                                                                          • Opcode ID: c0dfa999b05c87eaf21055a10d7e187d1b884b484c472344566daa91b2e7617c
                                                                                                                                                                                                                          • Instruction ID: 92fa27cf29c2121105e1151661805dbb58f2712055233cd41a47e4f1dfb1ef90
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0dfa999b05c87eaf21055a10d7e187d1b884b484c472344566daa91b2e7617c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A51170326002156BDB219E659C44B6BB798EF88764F05913BEE44D7341D738EC018AE9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • KillTimer.USER32(?,000003E8), ref: 004332DF
                                                                                                                                                                                                                          • SetTimer.USER32(?,000003E8,?,00000000), ref: 004332F8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Timer$Kill
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3307318486-0
                                                                                                                                                                                                                          • Opcode ID: 1a96e16a656969e41c94d0cb606721381fd14768f7e3e6b24a8ea6e74f082cab
                                                                                                                                                                                                                          • Instruction ID: b1fc4f0707a40194cb7c2c60280d99515bd2d81a6b6480a377936eb977bade26
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a96e16a656969e41c94d0cb606721381fd14768f7e3e6b24a8ea6e74f082cab
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3501D3317087118FE764CF28D845B5BB7E8BB48706F04891EE986DB680DB79ED009B58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,00000000,0049A2D5,?,?,?,?,?,?,?,004911F7,?,?,?,?), ref: 0049EAD0
                                                                                                                                                                                                                          • SetErrorMode.KERNEL32(00000000,?,?,?,004911F7,?,?,?,?), ref: 0049EAD7
                                                                                                                                                                                                                            • Part of subcall function 0049EB2A: GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0049EB5B
                                                                                                                                                                                                                            • Part of subcall function 0049EB2A: lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 0049EBFC
                                                                                                                                                                                                                            • Part of subcall function 0049EB2A: lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 0049EC29
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorMode$FileModuleNamelstrcatlstrcpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3389432936-0
                                                                                                                                                                                                                          • Opcode ID: f9b9db61c7a5dfab554cd523cfc8c42eaefc3711a314abf421a7ebdba58fd810
                                                                                                                                                                                                                          • Instruction ID: 6a7a32ae2cfd6e488b638d489a8e138681aca92eebe3559147f1803e5a42b7b4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9b9db61c7a5dfab554cd523cfc8c42eaefc3711a314abf421a7ebdba58fd810
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37F03774A043148FDB24EF25D444B097FE4AF48714F0684AFB4458B3A2DBB8E841CB9A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 004880FA
                                                                                                                                                                                                                            • Part of subcall function 00487FA1: GetVersionExA.KERNEL32 ref: 00487FC0
                                                                                                                                                                                                                          • HeapDestroy.KERNEL32 ref: 00488139
                                                                                                                                                                                                                            • Part of subcall function 0048BB75: HeapAlloc.KERNEL32(00000000,00000140,00488122,000003F8), ref: 0048BB82
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2507506473-0
                                                                                                                                                                                                                          • Opcode ID: 2503ebe698320e7e31290ffb1663357e973cd14da0d6e3120713f5fadc879e53
                                                                                                                                                                                                                          • Instruction ID: 5017cdb281cdf2a11587e4ace6143f2048557e73db53b382ddde6374e0857f7a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2503ebe698320e7e31290ffb1663357e973cd14da0d6e3120713f5fadc879e53
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 88F06D70614342AEDB607B31AC4A73F3995EB45786F608C3FF500C81E5EF688882975D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadImageA.USER32(?,?,00000001,00000020,00000020,00000000), ref: 00444ABB
                                                                                                                                                                                                                          • LoadImageA.USER32(?,?,00000001,00000010,00000010,00000000), ref: 00444ACD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ImageLoad
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 306446377-0
                                                                                                                                                                                                                          • Opcode ID: 8ceb21c99824edf60d649087f118b2fe32bb4a9d9e73719c45d5e6691bef20f5
                                                                                                                                                                                                                          • Instruction ID: abac79adffb22a453097abbfdab76aceeab91cf9ad0efbb92bf6ca8cf9e9c69a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ceb21c99824edf60d649087f118b2fe32bb4a9d9e73719c45d5e6691bef20f5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30E0ED323413117BD620CE5A9C85F9BF7A9EB8EB10F140819B344AB1D1C2F1A4458669
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DefWindowProcA.USER32(?,?,?,?), ref: 0049648A
                                                                                                                                                                                                                          • CallWindowProcA.USER32(?,?,?,?,?), ref: 0049649F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ProcWindow$Call
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2316559721-0
                                                                                                                                                                                                                          • Opcode ID: 86b43fa292cdbc40acf15b401844db728aebaa2d082e308f95bf0686fd158476
                                                                                                                                                                                                                          • Instruction ID: 22cf8d0a524cf84b7d024d8b24acc2a7c09b567a298394519daa8143c3dc1bda
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 86b43fa292cdbc40acf15b401844db728aebaa2d082e308f95bf0686fd158476
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1EF0A536100208FFDF259F95EC08D9A7FBAFF19760B058469FA49C6520D736E820AB58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00499037
                                                                                                                                                                                                                          • SetWindowsHookExA.USER32(000000FF,00499379,00000000,00000000), ref: 00499047
                                                                                                                                                                                                                            • Part of subcall function 0049E254: __EH_prolog.LIBCMT ref: 0049E259
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentH_prologHookThreadWindows
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2183259885-0
                                                                                                                                                                                                                          • Opcode ID: 370c1dd8830519cfc7d75f8436e995c5391d063c5533d288f56c5fdb7e5bc3e4
                                                                                                                                                                                                                          • Instruction ID: d628b946f45e54ce8222ef04ba67a7d01fc0647e0ff8a396aa04e0a832601c25
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 370c1dd8830519cfc7d75f8436e995c5391d063c5533d288f56c5fdb7e5bc3e4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7FF08C319006006EDF20BBBAAD0AB297D609B42714F09467EB5629B2D1CB6C4C40C79E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049E1BF: TlsGetValue.KERNEL32(004FB50C,0043B1CC,00000100,0049DC46,0049D53B,00499B97,00000100,00499B30,00000000,?,00000100,0043B1CC,0043B1CC), ref: 0049E1FE
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004960BA
                                                                                                                                                                                                                          • SetWindowsHookExA.USER32(00000005,00495EA2,00000000,00000000), ref: 004960CA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentHookThreadValueWindows
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 933525246-0
                                                                                                                                                                                                                          • Opcode ID: cb502aa032bfd2340053a6878e60f2e547ed02ae357b13b77387423cc0de7dab
                                                                                                                                                                                                                          • Instruction ID: 11586e8a35dceeaa9fa315c40f1057201d40944482acf1f335fb2a2a52f5a144
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cb502aa032bfd2340053a6878e60f2e547ed02ae357b13b77387423cc0de7dab
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1DE06D71600B109ECB30AB66AD05B177EE4EB85B11F16863FF20592280D77998018F6D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,00000000,00000000,0043B1CC), ref: 0048443C
                                                                                                                                                                                                                            • Part of subcall function 0048A894: InitializeCriticalSection.KERNEL32(00000000,00000000,00000010,'BI,004843EE,00000009,00000000,00000000,0043B1CC), ref: 0048A8D1
                                                                                                                                                                                                                            • Part of subcall function 0048A894: EnterCriticalSection.KERNEL32(00000010,00000010,'BI,004843EE,00000009,00000000,00000000,0043B1CC), ref: 0048A8EC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1616793339-0
                                                                                                                                                                                                                          • Opcode ID: 26edea2181c10053ba1145e8636934a75d0c0d8ca85fc2eae352eabd519e176a
                                                                                                                                                                                                                          • Instruction ID: 86283c4acc98fe7b1a6e991fffe1a6c6af70aa17fcc94df299ac07fce560d072
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26edea2181c10053ba1145e8636934a75d0c0d8ca85fc2eae352eabd519e176a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5421FD31600216ABDB10FF69DC42B9F77A4EB40B64F14492BF410E72C1D77C99418B9D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00495A04
                                                                                                                                                                                                                            • Part of subcall function 0049E1BF: TlsGetValue.KERNEL32(004FB50C,0043B1CC,00000100,0049DC46,0049D53B,00499B97,00000100,00499B30,00000000,?,00000100,0043B1CC,0043B1CC), ref: 0049E1FE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: H_prologValue
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3700342317-0
                                                                                                                                                                                                                          • Opcode ID: 92f68996c776e67f7b1676afca3eb5330bc0d52cdabf0df5c4649ff4d6ab37ba
                                                                                                                                                                                                                          • Instruction ID: 4602b2638147eb9c532b6581d55967d4a120ae1ecc38122a27a30460c4de2c8c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92f68996c776e67f7b1676afca3eb5330bc0d52cdabf0df5c4649ff4d6ab37ba
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 35215E72900609EFCF05DF54C481AEE7BB9FF45314F10406AF915AB641D778AE54CB94
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateWindowExA.USER32(00000000,00000000,00000000,00000000,00000080,0045F319,?,?,?,?,?,?), ref: 004961C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                                                                                          • Opcode ID: 4bec52f64fe7c8990b2704c5174b55cfda048568b246a2957fd7bd763ae2928b
                                                                                                                                                                                                                          • Instruction ID: 2d038ad7b23750d9ee6d0ac5f623a7ec0cbd87f093c953ee32d4156a2df905e4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4bec52f64fe7c8990b2704c5174b55cfda048568b246a2957fd7bd763ae2928b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E3318979A00219AFCF01DFA8C845ADEBBF1BF4C304B15446AF918E7310E7359A519FA4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3519838083-0
                                                                                                                                                                                                                          • Opcode ID: b012ee643d14a94be24578590fe34480f234768dc72f492191978445917098f7
                                                                                                                                                                                                                          • Instruction ID: 6d7f56ab957bd4a9590addc78cc276577a89aca044633052e362f9950a78a92b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b012ee643d14a94be24578590fe34480f234768dc72f492191978445917098f7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0C218C32600109EFCF02AF98C800AEEBFB1FF08324F11855AF909A7261C775D921DB94
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CopyRect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1989077687-0
                                                                                                                                                                                                                          • Opcode ID: 811d4921b4576ad4484f85cc646dccae08d74e6fac2123ee25c4e0691721539c
                                                                                                                                                                                                                          • Instruction ID: 492a9dd59f8c4714961b5ba571dc5419847678a0d479d8243d26a20adc57d4a2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 811d4921b4576ad4484f85cc646dccae08d74e6fac2123ee25c4e0691721539c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1601D27690011DAF8F09DF94DC448EEBFBAFB4C300F00812AF919A2220D7359A60DFA4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 23af93383b65e2df15e3a4dea4a8eec5a64979c3bfa74a3f2fed7e783dd18718
                                                                                                                                                                                                                          • Instruction ID: e6f6436a75c23ce14bc255ce98c6e04f7b04387a5aaf6e376aaaca22132817c8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23af93383b65e2df15e3a4dea4a8eec5a64979c3bfa74a3f2fed7e783dd18718
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30F01C32441A19FFCF136F819D019DF3F29AF09362F208426FE15A5111C739D961EBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadStringA.USER32(?,?,?,?), ref: 00499BA8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LoadString
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2948472770-0
                                                                                                                                                                                                                          • Opcode ID: 0a4db7574fc962220e25a5097f6229c0f412c8b9040d579257ca1d7a424ac2ec
                                                                                                                                                                                                                          • Instruction ID: dd2734b448a687ecc78574d1fed3a5e20be28e84e1faca8a7eb0940ca5ead7d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a4db7574fc962220e25a5097f6229c0f412c8b9040d579257ca1d7a424ac2ec
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ACD0A7765083619FCB11DF549808C4FBFA9BF59310B050C5EF48043152C328D804C765
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ShowWindow.USER32(?,?,0047F4A1,00000000,?,?,?,?,00000000), ref: 00498614
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ShowWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1268545403-0
                                                                                                                                                                                                                          • Opcode ID: 407976daf140c0765b4a7778e8c025abf9a2e9da00a0a95b3046e29d6754d0d4
                                                                                                                                                                                                                          • Instruction ID: e139fc5804687c6ba0075e5f3acd07779808de7eb9b0e102da3c294f91b22324
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 407976daf140c0765b4a7778e8c025abf9a2e9da00a0a95b3046e29d6754d0d4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8DD09230604200EFCF099F64D948E1ABFB2BF96705F2495B9E0468A126DB36CC52EB09
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3227105288.000000000D420000.00000010.00000800.00020000.00000000.sdmp, Offset: 0D420000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_d420000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: x%
                                                                                                                                                                                                                          • API String ID: 0-3806519764
                                                                                                                                                                                                                          • Opcode ID: 2b95312fbb736a64c45e4ada1414b7126cc2af8994bdb6fd7f6b2a50a1c43857
                                                                                                                                                                                                                          • Instruction ID: a8d6540e644ca727628a89e10ea9295e71428e9b906d01936ee0afcf3f94bbc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b95312fbb736a64c45e4ada1414b7126cc2af8994bdb6fd7f6b2a50a1c43857
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E41E130A40321AFDB10CF55C892E7AB3A5FF89320F65C19AE9426B341D771EC52CB90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3227105288.000000000D420000.00000010.00000800.00020000.00000000.sdmp, Offset: 0D420000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_d420000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3215517273.000000000BF00000.00000010.00000800.00020000.00000000.sdmp, Offset: 0BF00000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_bf00000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3215517273.000000000BF00000.00000010.00000800.00020000.00000000.sdmp, Offset: 0BF00000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_bf00000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3227105288.000000000D420000.00000010.00000800.00020000.00000000.sdmp, Offset: 0D420000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_d420000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3227105288.000000000D420000.00000010.00000800.00020000.00000000.sdmp, Offset: 0D420000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_d420000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3227105288.000000000D420000.00000010.00000800.00020000.00000000.sdmp, Offset: 0D420000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_d420000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3227105288.000000000D420000.00000010.00000800.00020000.00000000.sdmp, Offset: 0D420000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_d420000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3215517273.000000000BF00000.00000010.00000800.00020000.00000000.sdmp, Offset: 0BF00000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_bf00000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%


                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%


                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%


                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%


                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction ID: 0ced0c1f2813a99985704404f92646ca40e6a4e8c08510826b3eb313310fffc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36a86c55c3900084a42a9163942f372f2933c03040b480f4b583a2bcbde4090e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3207337485.0000000004390000.00000010.00000800.00020000.00000000.sdmp, Offset: 04390000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_4390000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction ID: 935c3db3997b3fc8a6f9b186797500ee9a572a5dc8d24696a98aa5b8731ed9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fb480f5c5f01dbd53eef73d60a3ed0ca31ceffcbcde0be47ac1a801d4c5bc53a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%


                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3220599020.000000000CFC0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0CFC0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_cfc0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6060a13771632b6c9fe7bc8c0aece9de1a1bd706654da59e8d9094c25579ceb7
                                                                                                                                                                                                                          • Instruction ID: d1619c00b02fbe36ef53e48c66d7f4e99f5432ee79237f809c75a75dca676c7e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6060a13771632b6c9fe7bc8c0aece9de1a1bd706654da59e8d9094c25579ceb7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3220599020.000000000CFC0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0CFC0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_cfc0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6060a13771632b6c9fe7bc8c0aece9de1a1bd706654da59e8d9094c25579ceb7
                                                                                                                                                                                                                          • Instruction ID: d1619c00b02fbe36ef53e48c66d7f4e99f5432ee79237f809c75a75dca676c7e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6060a13771632b6c9fe7bc8c0aece9de1a1bd706654da59e8d9094c25579ceb7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3220599020.000000000CFC0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0CFC0000, based on PE: false
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_cfc0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 6060a13771632b6c9fe7bc8c0aece9de1a1bd706654da59e8d9094c25579ceb7
                                                                                                                                                                                                                          • Instruction ID: d1619c00b02fbe36ef53e48c66d7f4e99f5432ee79237f809c75a75dca676c7e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6060a13771632b6c9fe7bc8c0aece9de1a1bd706654da59e8d9094c25579ceb7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%


                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: __EH_prolog.LIBCMT ref: 0049ADDD
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: BeginPaint.USER32(?,?,?,?,0042EAC9), ref: 0049AE06
                                                                                                                                                                                                                            • Part of subcall function 0049A989: GetClipBox.GDI32(?,?), ref: 0049A990
                                                                                                                                                                                                                          • DPtoLP.GDI32 ref: 00451B1B
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00451B29
                                                                                                                                                                                                                          • DPtoLP.GDI32(?,?,00000002), ref: 00451B41
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 00451BE0
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,?,00000002), ref: 00451C21
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 00451C7E
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,?,00000002), ref: 00451CBF
                                                                                                                                                                                                                          • CreateRectRgnIndirect.GDI32(?), ref: 00451CEA
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 00451D1E
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,?,00000002), ref: 00451D5F
                                                                                                                                                                                                                          • CreateRectRgnIndirect.GDI32(?), ref: 00451D85
                                                                                                                                                                                                                          • CreateRectRgnIndirect.GDI32(?), ref: 00451DB4
                                                                                                                                                                                                                          • GetCurrentObject.GDI32(?,00000006), ref: 00451DD0
                                                                                                                                                                                                                          • GetCurrentObject.GDI32(?,00000001), ref: 00451DE9
                                                                                                                                                                                                                          • GetCurrentObject.GDI32(?,00000002), ref: 00451E02
                                                                                                                                                                                                                            • Part of subcall function 0049A648: SetBkMode.GDI32(?,?), ref: 0049A661
                                                                                                                                                                                                                            • Part of subcall function 0049A648: SetBkMode.GDI32(?,?), ref: 0049A66F
                                                                                                                                                                                                                            • Part of subcall function 0049735F: GetScrollPos.USER32(00000000,004363A3), ref: 0049737D
                                                                                                                                                                                                                            • Part of subcall function 00451630: CreateFontIndirectA.GDI32(00000000), ref: 00451682
                                                                                                                                                                                                                          • FillRgn.GDI32(?,?,?), ref: 00451FE2
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 004520C7
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 004520D2
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,?,00000002), ref: 004520EF
                                                                                                                                                                                                                          • CreateRectRgnIndirect.GDI32(?), ref: 004520FA
                                                                                                                                                                                                                          • CombineRgn.GDI32(?,?,?,00000004), ref: 0045212B
                                                                                                                                                                                                                          • DPtoLP.GDI32(?,?,00000002), ref: 00452149
                                                                                                                                                                                                                            • Part of subcall function 0049A72F: SetMapMode.GDI32(?,?), ref: 0049A748
                                                                                                                                                                                                                            • Part of subcall function 0049A72F: SetMapMode.GDI32(?,?), ref: 0049A756
                                                                                                                                                                                                                          • PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 00452188
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 0045221B
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 00452261
                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 0045229C
                                                                                                                                                                                                                          • DPtoLP.GDI32(?,?,00000001), ref: 00452328
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,?,00000001), ref: 00452447
                                                                                                                                                                                                                          • DPtoLP.GDI32(?,?,00000001), ref: 00452465
                                                                                                                                                                                                                            • Part of subcall function 0049AA5D: MoveToEx.GDI32(?,?,?,?), ref: 0049AA7F
                                                                                                                                                                                                                            • Part of subcall function 0049AA5D: MoveToEx.GDI32(?,?,?,?), ref: 0049AA93
                                                                                                                                                                                                                            • Part of subcall function 0049AAA9: MoveToEx.GDI32(?,?,?,00000000), ref: 0049AAC3
                                                                                                                                                                                                                            • Part of subcall function 0049AAA9: LineTo.GDI32(?,?,?), ref: 0049AAD4
                                                                                                                                                                                                                            • Part of subcall function 0049A56C: SelectObject.GDI32(0042C895,00000000), ref: 0049A58E
                                                                                                                                                                                                                            • Part of subcall function 0049A56C: SelectObject.GDI32(0042C895,?), ref: 0049A5A4
                                                                                                                                                                                                                            • Part of subcall function 00454C30: GetCurrentObject.GDI32(?), ref: 00454CFB
                                                                                                                                                                                                                            • Part of subcall function 00454C30: LPtoDP.GDI32(?,00000000,00000001), ref: 00454D48
                                                                                                                                                                                                                          • IntersectRect.USER32(?,00000000,?), ref: 004525B2
                                                                                                                                                                                                                          • IsRectEmpty.USER32(00000000), ref: 004525BD
                                                                                                                                                                                                                          • PatBlt.GDI32(?,00000000,?,?,?,00F00021), ref: 00452604
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,00000000,00000002), ref: 00452619
                                                                                                                                                                                                                          • CreateRectRgnIndirect.GDI32(00000000), ref: 00452624
                                                                                                                                                                                                                          • CombineRgn.GDI32(?,?,?,00000004), ref: 00452655
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,?,00000001), ref: 00452684
                                                                                                                                                                                                                          • DPtoLP.GDI32(?,?,00000001), ref: 004526A2
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00452740
                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 00452768
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 00452CD8
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 00452CE3
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,?,00000002), ref: 00452D00
                                                                                                                                                                                                                          • CreateRectRgnIndirect.GDI32(?), ref: 00452D0B
                                                                                                                                                                                                                          • CombineRgn.GDI32(?,?,?,00000004), ref: 00452D3C
                                                                                                                                                                                                                            • Part of subcall function 004542F0: SetRectEmpty.USER32(?), ref: 00454368
                                                                                                                                                                                                                            • Part of subcall function 004542F0: GetSysColor.USER32(0000000F), ref: 00454492
                                                                                                                                                                                                                            • Part of subcall function 004542F0: IntersectRect.USER32(?,?,?), ref: 004544F9
                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00451EC6
                                                                                                                                                                                                                            • Part of subcall function 0049AFD5: __EH_prolog.LIBCMT ref: 0049AFDA
                                                                                                                                                                                                                            • Part of subcall function 0049AFD5: CreateSolidBrush.GDI32(?), ref: 0049AFF7
                                                                                                                                                                                                                            • Part of subcall function 0049AF85: __EH_prolog.LIBCMT ref: 0049AF8A
                                                                                                                                                                                                                            • Part of subcall function 0049AF85: CreatePen.GDI32(?,?,?), ref: 0049AFAD
                                                                                                                                                                                                                          • CreateRectRgnIndirect.GDI32(?), ref: 00451C46
                                                                                                                                                                                                                            • Part of subcall function 00453140: CopyRect.USER32(?,00000000), ref: 004531B7
                                                                                                                                                                                                                            • Part of subcall function 00453140: IsRectEmpty.USER32(?), ref: 004531C2
                                                                                                                                                                                                                            • Part of subcall function 00453140: GetClientRect.USER32(00000000,?), ref: 00453201
                                                                                                                                                                                                                            • Part of subcall function 00453140: DPtoLP.GDI32(?,?,00000002), ref: 00453213
                                                                                                                                                                                                                            • Part of subcall function 00453140: LPtoDP.GDI32(?,?,00000002), ref: 00453250
                                                                                                                                                                                                                          • FillRect.USER32(?,?,?), ref: 00453039
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Create$IndirectIntersectObject$Empty$CurrentModeSelect$CombineH_prologMove$ClientColorFill$BeginBrushClipCopyFontLinePaintScrollSolidwsprintf
                                                                                                                                                                                                                          • String ID: 4#K
                                                                                                                                                                                                                          • API String ID: 3726329589-2206497575
                                                                                                                                                                                                                          • Opcode ID: 7cc725090a53740bca62a469900027072c4ecc3acca0c3153b32f0aecff64b91
                                                                                                                                                                                                                          • Instruction ID: 6e9d3ced3fe80cceacfdd26d3f1a8c4e4d240f0de493e52b5d4c71794db27ed8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7cc725090a53740bca62a469900027072c4ecc3acca0c3153b32f0aecff64b91
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EFD25B712083809FD724DF65C994FAFB7E9BBC9704F00491EF58A83291DB74A909CB66
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00439882
                                                                                                                                                                                                                          • IsIconic.USER32(?), ref: 004398BA
                                                                                                                                                                                                                          • SetActiveWindow.USER32(?,?,?), ref: 004398E3
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0043990D
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00439BDE
                                                                                                                                                                                                                          • DestroyAcceleratorTable.USER32(?), ref: 00439D2E
                                                                                                                                                                                                                          • DestroyMenu.USER32(?), ref: 00439D39
                                                                                                                                                                                                                          • DestroyAcceleratorTable.USER32(?), ref: 00439D53
                                                                                                                                                                                                                          • DestroyMenu.USER32(?), ref: 00439D62
                                                                                                                                                                                                                          • DestroyAcceleratorTable.USER32(?), ref: 00439DC2
                                                                                                                                                                                                                          • DestroyMenu.USER32(?,000003EA,00000000,00000000,?,?,00000000,000007D9,00000000,00000000), ref: 00439DD1
                                                                                                                                                                                                                          • SetParent.USER32(?,?), ref: 00439E53
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?), ref: 00439F6B
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0043A09C
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000806F,00000000,00000000), ref: 0043A0B1
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00008004,00000000,00000000), ref: 0043A0CE
                                                                                                                                                                                                                          • DestroyAcceleratorTable.USER32(?), ref: 0043A11C
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0043A191
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0043A1E1
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0043A231
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0043A26E
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0043A2F1
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0043A2FF
                                                                                                                                                                                                                          • GetFocus.USER32 ref: 0043A340
                                                                                                                                                                                                                            • Part of subcall function 00439700: IsWindow.USER32(?), ref: 0043977B
                                                                                                                                                                                                                            • Part of subcall function 00439700: GetFocus.USER32 ref: 00439785
                                                                                                                                                                                                                            • Part of subcall function 00439700: IsChild.USER32(?,00000000), ref: 00439797
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0043A39F
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00008076,00000000,00000000), ref: 0043A3B4
                                                                                                                                                                                                                          • IsWindow.USER32(00000000), ref: 0043A3C7
                                                                                                                                                                                                                          • GetFocus.USER32 ref: 0043A3D1
                                                                                                                                                                                                                          • SetFocus.USER32(00000000), ref: 0043A3DC
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Destroy$AcceleratorFocusTable$MenuMessageSend$Parent$ActiveChildIconic
                                                                                                                                                                                                                          • String ID: d
                                                                                                                                                                                                                          • API String ID: 3681805233-2564639436
                                                                                                                                                                                                                          • Opcode ID: bfec3878795f6ee55800b21fdc40860f26f079bf0014b7bfa4cd62efbbacb30e
                                                                                                                                                                                                                          • Instruction ID: 32965c9e9d3a1dae9ada6889ac9b7820c50d72c96a62f54d9342f6be45acf47b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bfec3878795f6ee55800b21fdc40860f26f079bf0014b7bfa4cd62efbbacb30e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6172AB716083419BD324DF25C881B6FB7E9EF89704F05492EF98997341DB78EC058BAA
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(?), ref: 00441AE9
                                                                                                                                                                                                                          • TranslateAcceleratorA.USER32(?,?,?,?), ref: 00441B43
                                                                                                                                                                                                                          • IsChild.USER32(?,?), ref: 00441B74
                                                                                                                                                                                                                          • GetFocus.USER32 ref: 00441CCF
                                                                                                                                                                                                                          • PostMessageA.USER32(?,000000A1,00000002,00000000), ref: 00441D59
                                                                                                                                                                                                                          • PostMessageA.USER32(?,000000A1,00000002,00000000), ref: 00441DC8
                                                                                                                                                                                                                          • IsChild.USER32(?,00000000), ref: 00441E71
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000010,00000000,00000000), ref: 00441E42
                                                                                                                                                                                                                            • Part of subcall function 004376E0: IsChild.USER32(?,?), ref: 0043775D
                                                                                                                                                                                                                            • Part of subcall function 004376E0: GetParent.USER32(?), ref: 00437777
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00442749
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ChildMessage$PostWindow$AcceleratorEnabledFocusParentSendTranslate
                                                                                                                                                                                                                          • String ID: 0$9$A$Z$hlp
                                                                                                                                                                                                                          • API String ID: 3372979518-114186910
                                                                                                                                                                                                                          • Opcode ID: 20fedb6e46ac6aad3cb2bdde098b8b7b43b3e9a2e7072b6a514ee2eee3c1162c
                                                                                                                                                                                                                          • Instruction ID: 1cc67658c70379d3f2c56e0d4c1768ee2be7e5eeee4bd07645a2b73467a1aaf9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 20fedb6e46ac6aad3cb2bdde098b8b7b43b3e9a2e7072b6a514ee2eee3c1162c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3072F1706043429BFB24CF24C991B6BB3A4AF84704F10492FF94597390DB78EC86CB5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0042A7B4
                                                                                                                                                                                                                          • GetUserDefaultLCID.KERNEL32(?,?,00000001), ref: 0042A819
                                                                                                                                                                                                                          • LHashValOfNameSys.OLEAUT32(00000001,00000000,?), ref: 0042A8B6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DefaultHashNameUserlstrlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2029592404-0
                                                                                                                                                                                                                          • Opcode ID: 599c7ce7fccc709ff0aee165d36a471f48c876653b2504b197f62053a9a869a1
                                                                                                                                                                                                                          • Instruction ID: 8bec6b12630514ceab86cf9c4fdc7ee487862f7aa1d87963e1ac748656e97bf2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 599c7ce7fccc709ff0aee165d36a471f48c876653b2504b197f62053a9a869a1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB629EB4A00226DFCB10CF58E884AAEB7B5FF48310F65855EEC559B350D3389D92CB5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: x?L$x?L
                                                                                                                                                                                                                          • API String ID: 0-2026006276
                                                                                                                                                                                                                          • Opcode ID: f9af6fb0f022214a802f6d39bec297c5a1ad995425c4fc7fc4a6674f031f3f08
                                                                                                                                                                                                                          • Instruction ID: 3371ec7f75fa7edac6efba5dc9c23a550db16f4bcae2331c99b9ca49f9db4b8e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9af6fb0f022214a802f6d39bec297c5a1ad995425c4fc7fc4a6674f031f3f08
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A662D471A083419BD728DF24D880B6FB7E5AF88314F15552EF88A97341DB38E906CB5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 0043B9E3
                                                                                                                                                                                                                          • IsWindow.USER32(000203FE), ref: 0043B9FF
                                                                                                                                                                                                                          • SendMessageA.USER32(000203FE,000083E7,?,00000000), ref: 0043BA18
                                                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 0043BA2D
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00443441,?,?,0043B2F5), ref: 0043BB01
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,00443441,?,?,0043B2F5), ref: 0043BB55
                                                                                                                                                                                                                          • DestroyCursor.USER32(000503F7), ref: 0043BBA4
                                                                                                                                                                                                                          • DestroyCursor.USER32(00010401), ref: 0043BBBB
                                                                                                                                                                                                                          • IsWindow.USER32(000203FE), ref: 0043BBD2
                                                                                                                                                                                                                          • DestroyCursor.USER32(?), ref: 0043BC81
                                                                                                                                                                                                                          • WSACleanup.WS2_32 ref: 0043BCCC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CursorDestroy$FreeLibraryWindow$CleanupCurrentExitMessageProcessSendThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2560087610-0
                                                                                                                                                                                                                          • Opcode ID: 12cfbe6fbff9a1f37016544d08509fdf3ea4fc511975b537fdb294b86dc55a43
                                                                                                                                                                                                                          • Instruction ID: 67d9ed53ebf44df2a95f7c23b63baba2a782ec013be71dbe6dd662b35c13dc00
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 12cfbe6fbff9a1f37016544d08509fdf3ea4fc511975b537fdb294b86dc55a43
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08A159706007029BC724EF65C8C5BABB7A5FF48304F54593EE66A87391DB38B941CB98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?), ref: 004746DA
                                                                                                                                                                                                                            • Part of subcall function 0049417B: InterlockedDecrement.KERNEL32(-000000F4), ref: 0049418F
                                                                                                                                                                                                                            • Part of subcall function 00494557: lstrlenA.KERNEL32(004DBB40,0043B1CC,004DBB40,0043B2A5,004C3EDC,00000000,?,?,?,?,?,?,00000000,004A21D8,000000FF), ref: 00494568
                                                                                                                                                                                                                            • Part of subcall function 00493EF0: InterlockedIncrement.KERNEL32(-000000F4), ref: 00493F05
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • From: %sTo: %sCc: %sSubject: %sDate: %s, xrefs: 0047494E
                                                                                                                                                                                                                          • MIME-Version: 1.0Content-type: multipart/mixed; boundary="#BOUNDARY#", xrefs: 00474A38
                                                                                                                                                                                                                          • %+.2d%.2d, xrefs: 0047472B
                                                                                                                                                                                                                          • From: %sTo: %sSubject: %sDate: %s, xrefs: 00474994
                                                                                                                                                                                                                          • MIME-Version: 1.0Content-type: text/plain; charset=", xrefs: 00474A3F
                                                                                                                                                                                                                          • wwww, xrefs: 00474707
                                                                                                                                                                                                                          • Reply-To: %s, xrefs: 004749EA
                                                                                                                                                                                                                          • "Content-Transfer-Encoding: base64, xrefs: 00474A63
                                                                                                                                                                                                                          • %a, %d %b %Y %H:%M:%S , xrefs: 0047474D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Interlocked$DecrementIncrementInformationTimeZonelstrlen
                                                                                                                                                                                                                          • String ID: "Content-Transfer-Encoding: base64$%+.2d%.2d$%a, %d %b %Y %H:%M:%S $From: %sTo: %sCc: %sSubject: %sDate: %s$From: %sTo: %sSubject: %sDate: %s$MIME-Version: 1.0Content-type: multipart/mixed; boundary="#BOUNDARY#"$MIME-Version: 1.0Content-type: text/plain; charset="$Reply-To: %s$wwww
                                                                                                                                                                                                                          • API String ID: 2250446393-2763696259
                                                                                                                                                                                                                          • Opcode ID: c6d6a96b3aff5ded7b7334326da732a1a6b9dc6522979892184b7d23d464d0e4
                                                                                                                                                                                                                          • Instruction ID: f30b8c5370c5404d358783c0598ef0357326b915bb4d742f62e567ff10a8d8fd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6d6a96b3aff5ded7b7334326da732a1a6b9dc6522979892184b7d23d464d0e4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D0C1D7701483869FC724EB55C456FAFBBE4AFD8308F04892EF19943281EB789549CB67
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: ed19e625ceb6cfe48566b8e4aee1e74a81600be5f9b93af504ee3fe5079fa23b
                                                                                                                                                                                                                          • Instruction ID: e4312d5c989aa6823e1cb0e200dd64f89cee11f9f615751bde65d831578d83e4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed19e625ceb6cfe48566b8e4aee1e74a81600be5f9b93af504ee3fe5079fa23b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3EC1F3767046188FE710EF2AEC85A6BB3A4FB88314F504D2FE446C7381D736E9068799
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,?), ref: 00456D57
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000,00000001), ref: 00456D73
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00456D95
                                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00456D9D
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00456DA9
                                                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 00456DB1
                                                                                                                                                                                                                          • SetClipboardData.USER32(0000C1C2,00000000), ref: 00456DC3
                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 00456DC9
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClipboardGlobal$AllocCloseDataEmptyFreeLockOpenUnlock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 453615576-0
                                                                                                                                                                                                                          • Opcode ID: 301230828b42d6b2afcc08f54926efc97fa004470066f033b0ab1e73fc70848c
                                                                                                                                                                                                                          • Instruction ID: 70df6f6f731790be7ed9eb909fd1dfce485a6b4a41149a7d734a5d69da310726
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 301230828b42d6b2afcc08f54926efc97fa004470066f033b0ab1e73fc70848c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A31C271304211AFD304EB65DC85B6BBBA8FB89711F454A2EF85283391DB38D808CB69
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00494C22
                                                                                                                                                                                                                          • GetFullPathNameA.KERNEL32(?,00000104,?,?,?,?), ref: 00494C40
                                                                                                                                                                                                                          • lstrcpynA.KERNEL32(?,?,00000104), ref: 00494C4F
                                                                                                                                                                                                                          • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?), ref: 00494C83
                                                                                                                                                                                                                          • CharUpperA.USER32(?), ref: 00494C94
                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 00494CAA
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00494CB6
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,?), ref: 00494CC6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$CharCloseFileFirstFullH_prologInformationNamePathUpperVolumelstrcpylstrcpyn
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 304730633-0
                                                                                                                                                                                                                          • Opcode ID: ef4ae3f166cf3b39e75458403905bfe01d33eacd2c3e2724c1b73b3192597524
                                                                                                                                                                                                                          • Instruction ID: f780ac1278824cd048f9481abca04edefcb7da056b88525bdd7787029c46be5f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef4ae3f166cf3b39e75458403905bfe01d33eacd2c3e2724c1b73b3192597524
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96218C72501019BBCB10AFA1DC48EEF7F7CEF46365F018126F919D21A0D7348A46CBA4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00474D28
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00474D32
                                                                                                                                                                                                                          • SetLastError.KERNEL32(0000274C,004CAED8), ref: 00474E67
                                                                                                                                                                                                                            • Part of subcall function 00473F50: select.WS2_32 ref: 00473F84
                                                                                                                                                                                                                          • Sleep.KERNEL32(000000FA,?), ref: 00474D6A
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 00474D9C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountTick$ErrorLastSleepselect
                                                                                                                                                                                                                          • String ID: QUIT
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00493EF0: InterlockedIncrement.KERNEL32(-000000F4), ref: 00493F05
                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?,*.*), ref: 004321FA
                                                                                                                                                                                                                            • Part of subcall function 0049155A: __EH_prolog.LIBCMT ref: 0049155F
                                                                                                                                                                                                                            • Part of subcall function 0049417B: InterlockedDecrement.KERNEL32(-000000F4), ref: 0049418F
                                                                                                                                                                                                                          • SendMessageA.USER32 ref: 004322A0
                                                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,00000010), ref: 004322AC
                                                                                                                                                                                                                          • FindClose.KERNEL32(?), ref: 004322BF
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001102,00000002,?), ref: 004322D1
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$FileInterlockedMessageSend$CloseDecrementFirstH_prologIncrementNext
                                                                                                                                                                                                                          • String ID: *.*
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 00456E5D
                                                                                                                                                                                                                          • GetClipboardData.USER32(0000C1C2), ref: 00456E76
                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 00456E82
                                                                                                                                                                                                                          • GlobalSize.KERNEL32(00000000), ref: 00456EB8
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000,00000000), ref: 00456EC0
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00456ED8
                                                                                                                                                                                                                          • CloseClipboard.USER32 ref: 00456EDE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Clipboard$Global$Close$DataLockOpenSizeUnlock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049846F: GetWindowLongA.USER32(?,000000F0), ref: 0049847B
                                                                                                                                                                                                                          • IsIconic.USER32(?), ref: 00442CC6
                                                                                                                                                                                                                          • IsZoomed.USER32(?), ref: 00442CD4
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00442CF2
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000000), ref: 00442D00
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000001), ref: 00442D06
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00442D34
                                                                                                                                                                                                                          • ShowWindow.USER32(?,00000005,?,00439761,00000000,?,?,?,?,?,000003E9,00000000,00000000), ref: 00442D43
                                                                                                                                                                                                                            • Part of subcall function 00498606: ShowWindow.USER32(?,?,0047F4A1,00000000,?,?,?,?,00000000), ref: 00498614
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$MetricsShowSystem$IconicLongRectZoomed
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4099700322-0
                                                                                                                                                                                                                          • Opcode ID: 2528aad1d9df4d970d09478fe7480769644c5dcc4b9f36ae41e0124b42fa8270
                                                                                                                                                                                                                          • Instruction ID: 20f3e9d1e29204e648a41194c50a5b42e0ddb36de9ee9edb9f819d70dd5b77db
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2528aad1d9df4d970d09478fe7480769644c5dcc4b9f36ae41e0124b42fa8270
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0011EB71700300ABFA34AF769D45B6F7AA8DF81701F45483EF90196281DABDD8058B6D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindNextFileA.KERNEL32(?,?), ref: 0043B3F2
                                                                                                                                                                                                                          • FindClose.KERNEL32 ref: 0043B401
                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 0043B40D
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0043B46B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1164774033-0
                                                                                                                                                                                                                          • Opcode ID: 52f041e69a9a265075e7d73fbabf8e221752ec1d015ffdb7668060ff7ee38319
                                                                                                                                                                                                                          • Instruction ID: 5f9457d5fe587e349110496e0f2bed9a370259570d892b1217b04add5facd10d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 52f041e69a9a265075e7d73fbabf8e221752ec1d015ffdb7668060ff7ee38319
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48212B325047118BD3318A24C8407BB7794EBAD324F19262AEF6987381E73DDD0283CE
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049846F: GetWindowLongA.USER32(?,000000F0), ref: 0049847B
                                                                                                                                                                                                                          • GetKeyState.USER32(00000010), ref: 004977F9
                                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 00497802
                                                                                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 0049780B
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 00497821
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: State$LongMessageSendWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1063413437-0
                                                                                                                                                                                                                          • Opcode ID: 4e0495f3cd2b46ebe556f30763fcfcd69333e2b5c4a31cd36f5c9e3b42c7ab58
                                                                                                                                                                                                                          • Instruction ID: 5dd6e4dd2ade437ba762000fa1e6ae6c9f1b1eb13f096b2445e20218451ec45f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4e0495f3cd2b46ebe556f30763fcfcd69333e2b5c4a31cd36f5c9e3b42c7ab58
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0DF02732B143462AEF2072762C4EFFA0D158F44BE5F01003FBB00AA1D28A98880283FC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetKeyState.USER32(00000010), ref: 00455560
                                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 00455570
                                                                                                                                                                                                                          • CopyRect.USER32(00000000,00000000), ref: 00455645
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: State$CopyRect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4142901696-0
                                                                                                                                                                                                                          • Opcode ID: f143b97be823400272b38da2c7e27d026a56485a705307fd04a779dea718b8a3
                                                                                                                                                                                                                          • Instruction ID: 8992310fa63c9c437602fad3dd39002f2fef12ddb00f96d0e0c2921d7c50c403
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f143b97be823400272b38da2c7e27d026a56485a705307fd04a779dea718b8a3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9A1C170704B019BD628EA15D8A1F3FB3E6EBC8706F10481FF94297382D769EC49875A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLocalTime.KERNEL32(?), ref: 00485CF7
                                                                                                                                                                                                                          • GetSystemTime.KERNEL32(?), ref: 00485D01
                                                                                                                                                                                                                          • GetTimeZoneInformation.KERNEL32(?), ref: 00485D56
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Time$InformationLocalSystemZone
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2475273158-0
                                                                                                                                                                                                                          • Opcode ID: ed75485047a6c4c6ee87f219495b52c42ff9caa80881d4fd155f94d111e962bd
                                                                                                                                                                                                                          • Instruction ID: 98eaa6c9b805d351d885af7ac96142c02d1a9203a38ff26f027e884226c53928
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ed75485047a6c4c6ee87f219495b52c42ff9caa80881d4fd155f94d111e962bd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A21516990191A95CB20BBA4D808AFF76F9FB09710F408952FD11A6294E3789D86C76C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 00443721
                                                                                                                                                                                                                          • GetKeyState.USER32(00000010), ref: 00443736
                                                                                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 0044374B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: State
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1649606143-0
                                                                                                                                                                                                                          • Opcode ID: 1932642ee5db87fa275145d98cba50889f12f7e3f16c02a7185fde08b3c360b2
                                                                                                                                                                                                                          • Instruction ID: a6c448fd1ccc8d291aba5f650a7d8202bc62df41af6c0e8c5df8886019c689d6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1932642ee5db87fa275145d98cba50889f12f7e3f16c02a7185fde08b3c360b2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E01D6DFC0015516FF281E6595087F645410751F53F56C073C6CD37B91D54C0F8623AA
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindResourceA.KERNEL32(?,?,000000F0), ref: 0047C7F5
                                                                                                                                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 0047C801
                                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 0047C80C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Resource$FindLoadLock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2752051264-0
                                                                                                                                                                                                                          • Opcode ID: dad094d1b5d468edfdf605f37cf576b95162872a0ffe7f7b2314bad9a980070c
                                                                                                                                                                                                                          • Instruction ID: dbe4e2b2a96c22eb6d0132c395cb328f5be32e60d5080c8f42c9dfb991fc4651
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dad094d1b5d468edfdf605f37cf576b95162872a0ffe7f7b2314bad9a980070c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 40F096362052019FDB106F119C48E6B7BA8DFC57A2B0A843EF905D2261DB24CC05C776
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d97d75d0fdc907d223f73707c0b48ff1a5c571fc79c9ea3d1d9a2a43cdfbbb62
                                                                                                                                                                                                                          • Instruction ID: eae1164c6c9489c292312339ab8bb34277e59ce51784566d0fa6350c164bd30f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d97d75d0fdc907d223f73707c0b48ff1a5c571fc79c9ea3d1d9a2a43cdfbbb62
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2AF01971500109BACF01AF65DC08BEE3F69FB1434CB48C026F819D6221DB39DA569B99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetKeyState.USER32(00000010), ref: 004993F8
                                                                                                                                                                                                                          • GetKeyState.USER32(00000011), ref: 00499401
                                                                                                                                                                                                                          • GetKeyState.USER32(00000012), ref: 0049940A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: State
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1649606143-0
                                                                                                                                                                                                                          • Opcode ID: 32be07796237ff5d0e52f56d14b4085fc47ff899b75f5126aeade747427b5ef2
                                                                                                                                                                                                                          • Instruction ID: f35a5115967e224d9ed95ea7a6b07557114865a2b2b8214c885efea88012e44f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 32be07796237ff5d0e52f56d14b4085fc47ff899b75f5126aeade747427b5ef2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 89E092359182799EEE32974A8A00FE56E905B207D0F01C47FEA44AF196C6A8CC839779
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00496A76
                                                                                                                                                                                                                          • GetVersion.KERNEL32(00000007,?,?,00000000,00000000,?,0000C000,00000000,00000000,00000007), ref: 00496C29
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: H_prologVersion
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1836448879-0
                                                                                                                                                                                                                          • Opcode ID: 311ca844854dbca428db6510e202d827215d5dafa060af5f46efee0fffcbf7df
                                                                                                                                                                                                                          • Instruction ID: a8746671b3a218ca448ce0e59ce56ffb995559c62af803114997f5f655ce92c6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 311ca844854dbca428db6510e202d827215d5dafa060af5f46efee0fffcbf7df
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17E18A70600218EFDF15DF65C880BBE7FA9AF04314F21852BF816DA291D738EA01DB69
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Iconic
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 110040809-0
                                                                                                                                                                                                                          • Opcode ID: bf749908f97805fd42aa584d69113fd57680cff65c74d278e11a9de4d85dd031
                                                                                                                                                                                                                          • Instruction ID: a8cb80ada899d0b3ed48fdc582db2d65bea29ff8f66c34fa05236a050b1dff56
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf749908f97805fd42aa584d69113fd57680cff65c74d278e11a9de4d85dd031
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F819A7A214701CBD354CF28D480B8AB7E5FBA9314F10886EE59ACB350D376E896CB65
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 00443550
                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 0044355C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                          • Opcode ID: ea337403c9e3a478394b758e6f9c9c62fbb70d856c6f5da94008434a658d420d
                                                                                                                                                                                                                          • Instruction ID: e9aff3ea2dcc802c17bef8bf03de226cbaf807af10cca8e7023a164ee45ec355
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea337403c9e3a478394b758e6f9c9c62fbb70d856c6f5da94008434a658d420d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0AD0A7755001006BE3119F79DD086BE3A99A744311FC80A34FA2CC12E0F63ED9588551
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: MTrk$d
                                                                                                                                                                                                                          • API String ID: 0-4044675371
                                                                                                                                                                                                                          • Opcode ID: b5750c6923c999bc3a0aa9cdeff3ea18d39ba73c212d8cabc00f08241fd7be74
                                                                                                                                                                                                                          • Instruction ID: 734e36ac11afddc584484bd176ab81865264dc9fb6c6c9d87f61bbe1ef15cb27
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5750c6923c999bc3a0aa9cdeff3ea18d39ba73c212d8cabc00f08241fd7be74
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B591B371B017059FE758CF69C8C056AB7E2EFC8304B18853EE84ACB741EA78E905CB55
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 2c8e5f5eeebfdbc9a244c686ab53b7d8541f417cc9bd80b0a3c41551c0376eb2
                                                                                                                                                                                                                          • Instruction ID: dcc7fbc756ac36b8882e6ee679b4000f7c7d0f0d6c1f2f2bf2c4f1cb0ffc7949
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c8e5f5eeebfdbc9a244c686ab53b7d8541f417cc9bd80b0a3c41551c0376eb2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08927A71604B418FD329CF2AC0906A7FBE2EF99304F14892ED9DB87B52D635B849CB45
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: bda6e99bcdf2f84c47a825b3b9ba0733117865372fa97bba923acf0968d9a74f
                                                                                                                                                                                                                          • Instruction ID: 9e269527cded5f57d3dfe4a6634791690e71133196ebf2183f118ec9487c75e8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bda6e99bcdf2f84c47a825b3b9ba0733117865372fa97bba923acf0968d9a74f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F332A371E006159FDF14DFA8C881BAEB7B1FF49314F24466AE406A7382DB38AD41CB95
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_0008F3F7), ref: 0048F442
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                                                          • Opcode ID: b3e83c8744e29fb3a7f0e0da1c5911993c4700fce666cd889317951608f545dc
                                                                                                                                                                                                                          • Instruction ID: e08aff4563d9b7e3a9bdeef118068ccbb6c2dacb1905dacf2d8f35b1ea6a2c87
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b3e83c8744e29fb3a7f0e0da1c5911993c4700fce666cd889317951608f545dc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EBA002B4541A49CB87006F60EC0951D7E70F64B742727857BAC01C12A9DF76445DDB5D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32 ref: 0048F454
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3192549508-0
                                                                                                                                                                                                                          • Opcode ID: 68762cd01b147ca84fccf11755a936cbf644ea7d9f81e904a3a09a149b359e78
                                                                                                                                                                                                                          • Instruction ID: 67678f12102dce85a8b6797ac7a64788d599f207612be667fe6048a4feb4d0ff
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 68762cd01b147ca84fccf11755a936cbf644ea7d9f81e904a3a09a149b359e78
                                                                                                                                                                                                                          • Instruction Fuzzy Hash:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 7588268db9ad160e2392b48f534035be178d540a008719f74208fe9ed0531eb1
                                                                                                                                                                                                                          • Instruction ID: 4eab84c97b1e0898aa879f2e8f14c6f463391907f17d5d0cdf52f10a7be19ec3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7588268db9ad160e2392b48f534035be178d540a008719f74208fe9ed0531eb1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6352B8767447095BD308CE9ACC9159FF3E3ABC8304F498A3CE955C3346EEB8E90A8655
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 96eee27f32437e687c8f6ab780d959661f25eeb4f2d71737570521a073278917
                                                                                                                                                                                                                          • Instruction ID: 92e9e460556c2a00a3235bb0895b25caad10d0a044c7f520ecb34a7bcf1a2092
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96eee27f32437e687c8f6ab780d959661f25eeb4f2d71737570521a073278917
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4CE1DC31E54219DEEF25CFA8C8067FEBFB5AB44304F68407BD541A6292D37D8982CB19
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: dfc607564ea207d4eeb8509fb0284ad2cf7cd10a357d3806119f7c3d997d257d
                                                                                                                                                                                                                          • Instruction ID: ee7d1b84d8e713c31170e7fbe87e2e2e2ff07e4f170679d2f9139e1bd0e47485
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dfc607564ea207d4eeb8509fb0284ad2cf7cd10a357d3806119f7c3d997d257d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B5C1CE31A086844FF725CE09C0653ABB7E2AFD1B46FA8881FE1C147352D7399E59C74A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                                                                                                                                                                          • Instruction ID: d61e1f5032697caabf67041998196059342d1ef9777809b9a4f9f071182a7d48
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8B18B75A0021ADFDB15DF04C1D0AADBBA1FF58318F24C5AED81A5B342D735EA42CBA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: cab88bb81d6f1a3f294bb195b69a7ed404116198194961875d31482ad394f9ff
                                                                                                                                                                                                                          • Instruction ID: 451f26469ff72f1176f48422239dd94ce0aea5f5bbc05631b5d374c49759cb42
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cab88bb81d6f1a3f294bb195b69a7ed404116198194961875d31482ad394f9ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BBA1F775A087418FC314CF2AC49085AFBF2BFC8714F198A6DE99987325E770E945CB42
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: c85e5f8c1b8543d5e31b2507d484f8634bc59b4117db2810bbc7b5cb86d4c726
                                                                                                                                                                                                                          • Instruction ID: 2015478b2fcfddb9b6e4593167d6402d800ffd282edd910fa5c5aa0566764816
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c85e5f8c1b8543d5e31b2507d484f8634bc59b4117db2810bbc7b5cb86d4c726
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD81083954A7819FC711CF29C0D04A6FBE2BF9E204F5C999DE9C50B316D231A91ACB92
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e65a41849ba1dff17564a555de7faa284a3be694d3db7f60d411abc468340149
                                                                                                                                                                                                                          • Instruction ID: dbb5366b000314ec7a2bf5d981d462b5c50c2ddc0f61605bdcb359fcebbe180e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e65a41849ba1dff17564a555de7faa284a3be694d3db7f60d411abc468340149
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E11127B720005743D714AA2ED4B03BFE399EBC533472C4A7BD1418B348D62AF9459708
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 049a3748405ddd25ffe2edf579d1304c72e9d31b5454db365513ef84930926e9
                                                                                                                                                                                                                          • Instruction ID: 7ff5f7ff838659ebf37fb2ed16742e0bac22b7c16e1416fe1fc2a730a37c16e9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 049a3748405ddd25ffe2edf579d1304c72e9d31b5454db365513ef84930926e9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B7F037752002115BD7209F15F444757F7A8AFC4715F15441EE98587344E739EC81CBA4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDC.USER32(?), ref: 0045CE02
                                                                                                                                                                                                                            • Part of subcall function 00444BD0: EnumDisplaySettingsA.USER32(00000000,000000FF,?), ref: 00444BDF
                                                                                                                                                                                                                          • SetStretchBltMode.GDI32(00000000,00000000), ref: 0045CE15
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 0045CE22
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 0045CE27
                                                                                                                                                                                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0045CE78
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0045CE8C
                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 0045CEB6
                                                                                                                                                                                                                          • PatBlt.GDI32(?,00000000,00000000,?,?,00F00021), ref: 0045CED8
                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 0045CEE8
                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 0045CEF4
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 0045CF42
                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 0045CF7A
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0045CF96
                                                                                                                                                                                                                          • BitBlt.GDI32(?,?,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 0045CFBB
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0045CFC7
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0045CFCE
                                                                                                                                                                                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0045D012
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0045D01E
                                                                                                                                                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,?,?,00000000,00CC0020), ref: 0045D043
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0045D04F
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0045D057
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 0045D06C
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 0045D075
                                                                                                                                                                                                                          • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 0045D08B
                                                                                                                                                                                                                          • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 0045D0A3
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0045D0B3
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0045D0C3
                                                                                                                                                                                                                          • SetBkColor.GDI32(00000000,?), ref: 0045D0D5
                                                                                                                                                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 0045D0F6
                                                                                                                                                                                                                          • SetBkColor.GDI32(00000000,?), ref: 0045D102
                                                                                                                                                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00330008), ref: 0045D11F
                                                                                                                                                                                                                          • BitBlt.GDI32(?,?,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 0045D144
                                                                                                                                                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,008800C6), ref: 0045D161
                                                                                                                                                                                                                          • BitBlt.GDI32(?,?,00000000,?,?,00000000,00000000,00000000,00EE0086), ref: 0045D186
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0045D192
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0045D199
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0045D1A5
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0045D1AC
                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0045D1B9
                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0045D1BC
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0045D1F5
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 0045D1FC
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0045D206
                                                                                                                                                                                                                          • StretchBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,?,?,00CC0020), ref: 0045D26A
                                                                                                                                                                                                                          • BitBlt.GDI32(00000000,?,?,?,?,?,00000000,00000000,00CC0020), ref: 0045D294
                                                                                                                                                                                                                          • SelectObject.GDI32(?,?), ref: 0045D2A4
                                                                                                                                                                                                                          • Sleep.KERNEL32(0000000A), ref: 0045D2F0
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 0045D2F6
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0045D323
                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0045D330
                                                                                                                                                                                                                          • DeleteDC.GDI32(?), ref: 0045D337
                                                                                                                                                                                                                          • ReleaseDC.USER32(?,00000000), ref: 0045D33E
                                                                                                                                                                                                                            • Part of subcall function 0045C900: GetClientRect.USER32(?,?), ref: 0045C927
                                                                                                                                                                                                                            • Part of subcall function 0045C900: __ftol.LIBCMT ref: 0045C9FE
                                                                                                                                                                                                                            • Part of subcall function 0045C900: __ftol.LIBCMT ref: 0045CA11
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Object$Select$Delete$Create$Compatible$Bitmap$ColorCountStretchTick__ftol$ClientDisplayEnumModeRectReleaseSettingsSleepWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1975044605-0
                                                                                                                                                                                                                          • Opcode ID: 35004d2ce6643808f4352c46c6606e4f97be6478d1197ae710208b5784a554f5
                                                                                                                                                                                                                          • Instruction ID: 8d5470b0f0da5df08cdd0889194bcebb8e8e393eedce9c7e109d930121f97ddf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35004d2ce6643808f4352c46c6606e4f97be6478d1197ae710208b5784a554f5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DE02F5B1204700AFD320DF65CC85F6BBBE9FB89B04F14891DFA9693290D774E8458B69
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004442F0: SendMessageA.USER32(?,00000143,00000000,?), ref: 00444313
                                                                                                                                                                                                                          • GetProfileStringA.KERNEL32(windows,device,,,,,?,000001F4), ref: 00461799
                                                                                                                                                                                                                          • GetProfileStringA.KERNEL32(devices,00000000,004CFA44,?,00001000), ref: 004617D8
                                                                                                                                                                                                                          • GetProfileStringA.KERNEL32(devices,?,,,,,?,000000C8), ref: 0046181A
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000143,00000000), ref: 004618DB
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000014E,?,00000000), ref: 00461918
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000014E,?,00000000), ref: 004619BB
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 004619D4
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 004619FA
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00461A20
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00461A53
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00461A7E
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00461A94
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000014E,?,00000000), ref: 00461AAB
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00461AEF
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00461B02
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00461B2C
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00461B52
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 00461B93
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00461BA4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$wsprintf$ProfileString
                                                                                                                                                                                                                          • String ID: ,,,$device$devices$none$windows
                                                                                                                                                                                                                          • API String ID: 2373861888-528626633
                                                                                                                                                                                                                          • Opcode ID: d19af382b0ea328882aa4758d0aaa35c762a29c170eaa384822f489d9330e078
                                                                                                                                                                                                                          • Instruction ID: da4147c6a40fd03e2bf293dfac97c22e305dcdd4aeb7fbef2f96b088c545911a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d19af382b0ea328882aa4758d0aaa35c762a29c170eaa384822f489d9330e078
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5C1C5B12407016BD624EF74CC82FEB77A8AB84B14F04091EF55A971D1EE78FA04CB59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(Native), ref: 0049F176
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(OwnerLink), ref: 0049F17F
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(ObjectLink), ref: 0049F189
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(Embedded Object), ref: 0049F193
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(Embed Source), ref: 0049F19D
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(Link Source), ref: 0049F1A7
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 0049F1B1
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 0049F1BB
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(FileName), ref: 0049F1C5
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(FileNameW), ref: 0049F1CF
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 0049F1D9
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 0049F1E3
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClipboardFormatRegister
                                                                                                                                                                                                                          • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                                                                                                                          • API String ID: 1228543026-2889995556
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSysColor.USER32(00000010), ref: 00465908
                                                                                                                                                                                                                            • Part of subcall function 0049D0A5: SetBkColor.GDI32(?,?), ref: 0049D0B4
                                                                                                                                                                                                                            • Part of subcall function 0049D0A5: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 0049D0E6
                                                                                                                                                                                                                          • GetSysColor.USER32(00000014), ref: 00465940
                                                                                                                                                                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 00465972
                                                                                                                                                                                                                          • GetSysColor.USER32(00000016), ref: 0046598B
                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 0046599B
                                                                                                                                                                                                                          • DrawEdge.USER32(?,?,00000002,0000000F), ref: 004659D4
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?), ref: 00465BDE
                                                                                                                                                                                                                          • RealizePalette.GDI32(?), ref: 00465C01
                                                                                                                                                                                                                          • GetSysColor.USER32(00000014), ref: 00465C19
                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00465C2B
                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 004658E1
                                                                                                                                                                                                                            • Part of subcall function 0049D07B: SetBkColor.GDI32(?,?), ref: 0049D085
                                                                                                                                                                                                                            • Part of subcall function 0049D07B: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 0049D09B
                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00465A38
                                                                                                                                                                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 00465A71
                                                                                                                                                                                                                          • GetSysColor.USER32(00000016), ref: 00465A86
                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 00465A92
                                                                                                                                                                                                                          • InflateRect.USER32(?,?,?), ref: 00465AD3
                                                                                                                                                                                                                          • GetSysColor.USER32(00000010), ref: 00465AD7
                                                                                                                                                                                                                          • Rectangle.GDI32(?,?,?,?,?), ref: 00465B1E
                                                                                                                                                                                                                          • DrawEdge.USER32(?,?,00000002,0000000F), ref: 00465B59
                                                                                                                                                                                                                          • DrawEdge.USER32(?,?,00000002,0000000F), ref: 00465C60
                                                                                                                                                                                                                          • GetSysColor.USER32(00000010), ref: 00465CBD
                                                                                                                                                                                                                          • CreatePen.GDI32(00000000,00000001,00000000), ref: 00465CC4
                                                                                                                                                                                                                          • InflateRect.USER32(?,?,?), ref: 00465D03
                                                                                                                                                                                                                          • Rectangle.GDI32(?,?,?,?,?), ref: 00465D21
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,00000026), ref: 00465D57
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Color$InflateRect$DrawEdge$CapsDeviceRectangleText$CreatePaletteRealize
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3119264602-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFocus.USER32 ref: 0043A9AF
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0043AA06
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0043AA16
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0043AA49
                                                                                                                                                                                                                          • GlobalSize.KERNEL32(00000000), ref: 0043AA93
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000,00000000), ref: 0043AA9B
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0043AAB4
                                                                                                                                                                                                                          • GetTopWindow.USER32(?), ref: 0043AAF1
                                                                                                                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 0043AB0A
                                                                                                                                                                                                                          • SetParent.USER32(?,?), ref: 0043AB36
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000806F,00000000,00000000), ref: 0043AB81
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00008076,00000000,00000000), ref: 0043AB90
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0043ABA3
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00008004,00000000,00000000), ref: 0043ABBC
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 0043ABC4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000130B,00000000,00000000), ref: 0043ABF4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000130C,00000000,00000000), ref: 0043AC02
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0043AC4E
                                                                                                                                                                                                                          • GetFocus.USER32 ref: 0043AC58
                                                                                                                                                                                                                          • SetFocus.USER32(?,00000000), ref: 0043AC70
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0043AC7B
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0043AC82
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$MessageSend$GlobalParent$Focus$FreeLockLongRectSizeUnlock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 300820980-0
                                                                                                                                                                                                                          • Opcode ID: f7567b2caf288a4c1f15b8de0455682d03eecb9262969db79708c5e7ff7f1e4b
                                                                                                                                                                                                                          • Instruction ID: f488fec26b9fd2e511a45f9f121b54b661249e032c8b6eec86f03b14e23b95f6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f7567b2caf288a4c1f15b8de0455682d03eecb9262969db79708c5e7ff7f1e4b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ECA16FB1244700AFD714EF69CC85B2BBBE9BF88704F14991DF69187391CB78E8018B5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetWindowRgn.USER32(?,00000000,00000001), ref: 0043FF61
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0043FF8E
                                                                                                                                                                                                                          • BeginPath.GDI32(?), ref: 00440017
                                                                                                                                                                                                                          • MulDiv.KERNEL32(7FFF0000,?,00007FFF), ref: 00440030
                                                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,?,00007FFF), ref: 0044003F
                                                                                                                                                                                                                          • MulDiv.KERNEL32(3FFF0000,?,00007FFF), ref: 00440067
                                                                                                                                                                                                                          • MulDiv.KERNEL32(00000000,?,00007FFF), ref: 00440076
                                                                                                                                                                                                                          • EndPath.GDI32(?), ref: 00440091
                                                                                                                                                                                                                          • PathToRegion.GDI32(?), ref: 0044009C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Path$Window$BeginRectRegion
                                                                                                                                                                                                                          • String ID: gfff$gfff$|BL
                                                                                                                                                                                                                          • API String ID: 3989698161-890740537
                                                                                                                                                                                                                          • Opcode ID: 1d30d10d250d7089b0210360bdf1411f71b9d863a404ecf4954aff461b867c3f
                                                                                                                                                                                                                          • Instruction ID: a3968bf0828849cac744bcded8a622e30b270297c3092d65e875cbce4530d475
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d30d10d250d7089b0210360bdf1411f71b9d863a404ecf4954aff461b867c3f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5581C2B15083419FD718DF25CC45E6BBBE9FBD9704F04492EF58683290EA38A849C7A6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WaitForMultipleObjects.KERNEL32(00000002,?,00000000,000022B8), ref: 0045EE55
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0045EE78
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0045EE86
                                                                                                                                                                                                                          • waveOutUnprepareHeader.WINMM(?,?,00000020), ref: 0045EEA8
                                                                                                                                                                                                                          • waveOutPrepareHeader.WINMM(?,?,00000020), ref: 0045EEF1
                                                                                                                                                                                                                          • waveOutWrite.WINMM(?,?,00000020), ref: 0045EEFE
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0045EF08
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0045EF16
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0045EF45
                                                                                                                                                                                                                          • ReleaseSemaphore.KERNEL32(?,00000014,00000000), ref: 0045EF63
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 0045EF6A
                                                                                                                                                                                                                          • waveOutPause.WINMM(?), ref: 0045EF79
                                                                                                                                                                                                                          • waveOutReset.WINMM(?), ref: 0045EF83
                                                                                                                                                                                                                          • waveOutUnprepareHeader.WINMM(?,00000000,00000020), ref: 0045EFA1
                                                                                                                                                                                                                          • waveOutUnprepareHeader.WINMM(?,?,00000020), ref: 0045EFC6
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(004DC5B0), ref: 0045EFDC
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(004DC5B0), ref: 0045F038
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0045F066
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0045F06C
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 0045F072
                                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 0045F078
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSection$wave$EnterHeaderLeave$CloseHandleUnprepare$DeleteMultipleObjectsPausePrepareReleaseResetSemaphoreWaitWrite
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 361331667-0
                                                                                                                                                                                                                          • Opcode ID: 15dc3499da7c9d19da00e084a6bd91f98e7d7a92a6d28f63291decfbc4505316
                                                                                                                                                                                                                          • Instruction ID: 306ad664430060b9e18bc50afaef768d6a4d0b077c975bb0d8bcef8355176082
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 15dc3499da7c9d19da00e084a6bd91f98e7d7a92a6d28f63291decfbc4505316
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E71F876600219AFCB14DF64DC88AAA3BA9FF48705F09452AFD05D7351C738EE05CB99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetStockObject.GDI32(0000000F), ref: 00447CB4
                                                                                                                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 00447CC7
                                                                                                                                                                                                                          • SelectPalette.GDI32(?,00000000,00000000), ref: 00447D22
                                                                                                                                                                                                                          • RealizePalette.GDI32(?), ref: 00447D2C
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000028), ref: 00447D36
                                                                                                                                                                                                                          • SelectPalette.GDI32(?,?,00000000), ref: 00447D4C
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00447D54
                                                                                                                                                                                                                          • GetDIBits.GDI32(?,?,00000000,?,00000000,00000000,00000000), ref: 00447D83
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00447DD9
                                                                                                                                                                                                                          • GlobalReAlloc.KERNEL32(00000000,?,00000002), ref: 00447DE2
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00447DEF
                                                                                                                                                                                                                          • GetDIBits.GDI32(?,?,00000000,?,00000000,00000000,00000000), ref: 00447E12
                                                                                                                                                                                                                          • SelectPalette.GDI32(?,?,00000000), ref: 00447E25
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 00447E2C
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00447E33
                                                                                                                                                                                                                            • Part of subcall function 0049ACE2: __EH_prolog.LIBCMT ref: 0049ACE7
                                                                                                                                                                                                                            • Part of subcall function 0049ACE2: ReleaseDC.USER32(?,00000000), ref: 0049AD06
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$Palette$Select$AllocBitsLockObjectUnlock$FreeH_prologRealizeReleaseStock
                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                          • API String ID: 3986717603-3887548279
                                                                                                                                                                                                                          • Opcode ID: ae8d0c0868c203d4f2793542d6b32d4c99559098cd67896400ab5151b9b9dd01
                                                                                                                                                                                                                          • Instruction ID: d938b59693ed916a9720cdbf1af929da3a881fcb97ca2f282d5c29fe7d4a8996
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae8d0c0868c203d4f2793542d6b32d4c99559098cd67896400ab5151b9b9dd01
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 70617A726083509FD320DF54CC44B6BBBE8FB89710F15892DFA8597290D778E805CBA6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: __EH_prolog.LIBCMT ref: 0049ADDD
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: BeginPaint.USER32(?,?,?,?,0042EAC9), ref: 0049AE06
                                                                                                                                                                                                                            • Part of subcall function 0049A989: GetClipBox.GDI32(?,?), ref: 0049A990
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 0042FD05
                                                                                                                                                                                                                          • GetCurrentObject.GDI32(?,00000002), ref: 0042FD4A
                                                                                                                                                                                                                          • GetCurrentObject.GDI32(?,00000001), ref: 0042FD5D
                                                                                                                                                                                                                          • GetClientRect.USER32 ref: 0042FDE2
                                                                                                                                                                                                                          • CreatePen.GDI32(-00000003,00000000,?), ref: 0042FDFE
                                                                                                                                                                                                                          • PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 0042FEC2
                                                                                                                                                                                                                            • Part of subcall function 0049AE4A: __EH_prolog.LIBCMT ref: 0049AE4F
                                                                                                                                                                                                                            • Part of subcall function 0049AE4A: EndPaint.USER32(?,?,?,?,0042EB43), ref: 0049AE6C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentH_prologObjectPaintRect$BeginClientClipCreateEmpty
                                                                                                                                                                                                                          • String ID: gfff
                                                                                                                                                                                                                          • API String ID: 3506841274-1553575800
                                                                                                                                                                                                                          • Opcode ID: 1878aa16e6c77d7d8ba05ab1d56f910a4429d9952ffb82fa31968db0d090c2de
                                                                                                                                                                                                                          • Instruction ID: f93db94e530f798652e7968d008045cf521b6979d9e6b0eb024095e4cddaf464
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1878aa16e6c77d7d8ba05ab1d56f910a4429d9952ffb82fa31968db0d090c2de
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BEE18FB11083009BC714DF55D884E6FBBF9EB89710F954A2EF59583290DB38E809CBA7
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateDIBitmap.GDI32(?,?,00000004,?,?,00000000), ref: 00449F97
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 00449FAF
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 00449FB4
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 00449FBD
                                                                                                                                                                                                                          • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00449FD0
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00449FE2
                                                                                                                                                                                                                          • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00449FFF
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0044A00B
                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0044A014
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0044A01C
                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0044A01F
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 0044A025
                                                                                                                                                                                                                          • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 0044A05D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateObject$Select$BitmapCompatibleDelete
                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                          • API String ID: 1878064223-3887548279
                                                                                                                                                                                                                          • Opcode ID: bcbf7c17f18983012c637880c501b017cc815d4c56a609065765deb21d2305a4
                                                                                                                                                                                                                          • Instruction ID: 902840a3583b672dd778e7e33b55d084b43351939e0c50591fb50717c270e2f2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bcbf7c17f18983012c637880c501b017cc815d4c56a609065765deb21d2305a4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 697155B5604304AFD320CF59D884A2BFBF9FB89710F54892EE64683640D735F8948B6A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,#K), ref: 004A0B68
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?), ref: 004A0B8D
                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 004A0B93
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,#K), ref: 004A0BBA
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?), ref: 004A0BDF
                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 004A0BE5
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,0000F108,?,00000100,004B00D8,#K), ref: 004A0C42
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?), ref: 004A0C67
                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 004A0C6D
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?), ref: 004A0C92
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?), ref: 004A0CB7
                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(?), ref: 004A0CBD
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?), ref: 004A0CE9
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001,?,?), ref: 004A0D0C
                                                                                                                                                                                                                          • SysAllocString.OLEAUT32(00000000), ref: 004A0D12
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocByteCharMultiStringWidelstrlen
                                                                                                                                                                                                                          • String ID: #K
                                                                                                                                                                                                                          • API String ID: 792254170-3147201509
                                                                                                                                                                                                                          • Opcode ID: d6b3841e8e8affc1f77ec00d9f23b78e328c90f551ee151d8c0c85812f1e8f2d
                                                                                                                                                                                                                          • Instruction ID: 61356538c718759829983dfa68b701cafb5dad4cecd147420638e60206452ae7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6b3841e8e8affc1f77ec00d9f23b78e328c90f551ee151d8c0c85812f1e8f2d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09716E75900208EFCB11DFA5CC4199EBBB4FF1A364B20856AF814DB351D739DA42CBA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049846F: GetWindowLongA.USER32(?,000000F0), ref: 0049847B
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00497B01
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 00497B24
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00497B3D
                                                                                                                                                                                                                          • GetWindowLongA.USER32(00000000,000000F0), ref: 00497B50
                                                                                                                                                                                                                          • CopyRect.USER32(?,?), ref: 00497B9D
                                                                                                                                                                                                                          • CopyRect.USER32(?,?), ref: 00497BA7
                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 00497BB0
                                                                                                                                                                                                                          • CopyRect.USER32(?,?), ref: 00497BCC
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                                                                                                                          • String ID: ($@
                                                                                                                                                                                                                          • API String ID: 808654186-1311469180
                                                                                                                                                                                                                          • Opcode ID: 9134c1e040f457c1f359d31b2ac23fd2d27556b2ff88947fd6a40f18dd2cb337
                                                                                                                                                                                                                          • Instruction ID: e7a3505c9ed8f4fd489140fbeb9fa7db64e99fef404a0d75ecb5159c3c330618
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9134c1e040f457c1f359d31b2ac23fd2d27556b2ff88947fd6a40f18dd2cb337
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA519471914219AFCF10DBA8DC85FEEBFB9AF49314F194126E911F3280D734E9058B68
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00496595: GetWindowTextLengthA.USER32(?), ref: 004965A2
                                                                                                                                                                                                                            • Part of subcall function 00496595: GetWindowTextA.USER32(?,00000000,00000000), ref: 004965BA
                                                                                                                                                                                                                          • __ftol.LIBCMT ref: 00461E46
                                                                                                                                                                                                                          • __ftol.LIBCMT ref: 00461E9C
                                                                                                                                                                                                                          • __ftol.LIBCMT ref: 00461EF2
                                                                                                                                                                                                                          • __ftol.LIBCMT ref: 00461F48
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00461F69
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00461F83
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 0046204B
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 0046207D
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 0046209A
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 004620BA
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 004620D4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 004620EC
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 0046210B
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00462174
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 004621D9
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 0046221B
                                                                                                                                                                                                                            • Part of subcall function 00498395: GetDlgItem.USER32(?,?), ref: 004983A3
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00462247
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$__ftol$TextWindow$ItemLength
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2143175130-0
                                                                                                                                                                                                                          • Opcode ID: 870d715facc86fc13c8d9cf2be999d1858e60754ee6abb7dcf94d9339c3b8b83
                                                                                                                                                                                                                          • Instruction ID: 25286d2ab0b88dc29c20291888976900e7f127f7fed75dbcf5029116097ff82b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 870d715facc86fc13c8d9cf2be999d1858e60754ee6abb7dcf94d9339c3b8b83
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05D1D3B1244B01BBD624EF74CC42FAB77A4AF84700F104D2EF19A962D1EB79E545CB4A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,?,004DBC18,?,?,?,?,?,?,?,00000000,004DBB40,00000000), ref: 0043B686
                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(?,?,00000000,?,?,004DBC10,004C0204,?,?,?,?,?,?,00000000,004DBB40,00000000), ref: 0043B6C3
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DllRegisterServer), ref: 0043B6F9
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000000,004DBB40,00000000), ref: 0043B704
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,00000000,004DBB40,00000000), ref: 0043B712
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,?,?,?,?,?,00000000,004DBB40,00000000), ref: 0043B811
                                                                                                                                                                                                                          • LoadTypeLib.OLEAUT32(?,00000000), ref: 0043B835
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,?,?,?,?,00000000,004DBB40,00000000), ref: 0043B88B
                                                                                                                                                                                                                          • RegisterTypeLib.OLEAUT32(00000000,?,00000000), ref: 0043B8AE
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,004DBB40,00000000), ref: 0043B911
                                                                                                                                                                                                                          • CLSIDFromString.OLE32(00000000,00000000,?,00000000,00000001,?,?,?,?,?,?,?,?,?,00000000,004DBB40), ref: 0043B936
                                                                                                                                                                                                                          • UnRegisterTypeLib.OLEAUT32(00000000,?,00000000,00000000,00000001), ref: 0043B95C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Library$LoadTypelstrlen$FreeRegister$AddressFromProcString
                                                                                                                                                                                                                          • String ID: DllRegisterServer$DllUnregisterServer
                                                                                                                                                                                                                          • API String ID: 2572237918-2931954178
                                                                                                                                                                                                                          • Opcode ID: 54fb12a9590de2fa9ebea2c2b95cdd7015b2652f3476ce06a4078a84c08d7783
                                                                                                                                                                                                                          • Instruction ID: ec3f4b3164954e427575b358b084a1c38c343599549bd720e4c81452a106e867
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54fb12a9590de2fa9ebea2c2b95cdd7015b2652f3476ce06a4078a84c08d7783
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8AB1B471900209ABDF14EFA5C885FAF77B8EF98314F14452EF915A7241D7389E05C7A4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(USER32,?,?,?,0047B4DE), ref: 0047B3C7
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 0047B3DF
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 0047B3F0
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 0047B401
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 0047B412
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 0047B423
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 0047B434
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                          • String ID: EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                                                                                                                          • API String ID: 667068680-2376520503
                                                                                                                                                                                                                          • Opcode ID: 26be020b7ffbf876e2c605e34e5bedcf5bd32c283ce0daa1b752bb93894071ff
                                                                                                                                                                                                                          • Instruction ID: 69277f4a7fc0a7be020c2f4dc9189a29a31b263a52dc2d22eece70e359377e11
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26be020b7ffbf876e2c605e34e5bedcf5bd32c283ce0daa1b752bb93894071ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10115E70A00215AEC3119F65EFC1ABABEA8F20A745364843FD008D2293D73844A5DBED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Focus$MessageParentStateWindow$BeepDialogH_prologItemNext
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1894107442-0
                                                                                                                                                                                                                          • Opcode ID: 0cd48e65f839db92a4d52d70f36653542045ce96dd682e0f927397da56a4ae4b
                                                                                                                                                                                                                          • Instruction ID: d7ec69c06a27fe64afb3f51bf618f1f6a46d2d125f99ff0b93cf208a2064b116
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0cd48e65f839db92a4d52d70f36653542045ce96dd682e0f927397da56a4ae4b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9AA1E331900205ABDF217B65CA44BAF7BA5AF04364F144C2BFC02A72A1DBBDDC81875D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: __EH_prolog.LIBCMT ref: 0049ADDD
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: BeginPaint.USER32(?,?,?,?,0042EAC9), ref: 0049AE06
                                                                                                                                                                                                                            • Part of subcall function 004626B0: GetWindowExtEx.GDI32(?,?), ref: 004626D3
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,00000064,?), ref: 004631DB
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00463269
                                                                                                                                                                                                                          • DPtoLP.GDI32(?,?,00000002), ref: 0046327E
                                                                                                                                                                                                                          • OffsetRect.USER32 ref: 004632CD
                                                                                                                                                                                                                          • Rectangle.GDI32(?,?,?,?,?), ref: 0046330B
                                                                                                                                                                                                                          • FillRect.USER32(?,?,?), ref: 00463363
                                                                                                                                                                                                                          • FillRect.USER32(?,00000032,?), ref: 004633A6
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,?,00000002), ref: 0046344F
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 00463456
                                                                                                                                                                                                                          • CreateRectRgnIndirect.GDI32(?), ref: 0046349A
                                                                                                                                                                                                                            • Part of subcall function 0049A999: SelectClipRgn.GDI32(?,00000000), ref: 0049A9BB
                                                                                                                                                                                                                            • Part of subcall function 0049A999: SelectClipRgn.GDI32(?,?), ref: 0049A9D1
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,?,00000001), ref: 004634DA
                                                                                                                                                                                                                          • DPtoLP.GDI32(?,?,00000001), ref: 00463501
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$ClipFillSelect$BeginClientCreateEmptyH_prologIndirectOffsetPaintRectangleWindow
                                                                                                                                                                                                                          • String ID: 2
                                                                                                                                                                                                                          • API String ID: 2521159323-450215437
                                                                                                                                                                                                                          • Opcode ID: ad98856ed0de1abf38f5ef168056450f057dbe78902d26e503a45e001eeac27f
                                                                                                                                                                                                                          • Instruction ID: 048a00451b0464e604d5b328293d9b85a3af4b7de29af02b20f9274c48c9fac0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad98856ed0de1abf38f5ef168056450f057dbe78902d26e503a45e001eeac27f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3BE13CB12087409FD324DF69C880A6BB7E5BFC8704F408A2EF59A83351EB74E905CB56
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetProfileStringA.KERNEL32(windows,device,,,,,?,000001F4), ref: 0044FA4F
                                                                                                                                                                                                                          • GetProfileStringA.KERNEL32(devices,00000000,004CFA44,?,00001000), ref: 0044FA83
                                                                                                                                                                                                                          • GetProfileStringA.KERNEL32(devices,?,,,,,?,000000C8), ref: 0044FB0A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ProfileString
                                                                                                                                                                                                                          • String ID: ,,,$device$devices$none$windows
                                                                                                                                                                                                                          • API String ID: 1468043044-528626633
                                                                                                                                                                                                                          • Opcode ID: ab906fc7ce52aa9d4af882f2a4aa8673adb7ea3abac1292b0163ca253662dda0
                                                                                                                                                                                                                          • Instruction ID: 4f9bbb491e179ba6514c776789c6a356e8e83645f5bbf5988420754df9d0f9cb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab906fc7ce52aa9d4af882f2a4aa8673adb7ea3abac1292b0163ca253662dda0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3DB1A5751083809FD724DB64C885F9FB7E4EF95718F400A2EF89983391D7789A09C766
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049E1BF: TlsGetValue.KERNEL32(004FB50C,0043B1CC,00000100,0049DC46,0049D53B,00499B97,00000100,00499B30,00000000,?,00000100,0043B1CC,0043B1CC), ref: 0049E1FE
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(commdlg_LBSelChangedNotify), ref: 004921D5
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(commdlg_ShareViolation), ref: 004921E1
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(commdlg_FileNameOK), ref: 004921ED
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(commdlg_ColorOK), ref: 004921F9
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(commdlg_help), ref: 00492205
                                                                                                                                                                                                                          • RegisterClipboardFormatA.USER32(commdlg_SetRGBColor), ref: 00492211
                                                                                                                                                                                                                            • Part of subcall function 004982F8: SetWindowLongA.USER32(?,000000FC,00000000), ref: 00498327
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 00492304
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClipboardFormatRegister$LongMessageSendValueWindow
                                                                                                                                                                                                                          • String ID: commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
                                                                                                                                                                                                                          • API String ID: 3913284445-3888057576
                                                                                                                                                                                                                          • Opcode ID: 59b9a4f9fe5298d82ba2e24169602672b44b36b260401e424ae0603ce01e0850
                                                                                                                                                                                                                          • Instruction ID: bffb3f661724373cf0b795135fbf2eb17ac5defb623a56830848b69d01fd1ee8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 59b9a4f9fe5298d82ba2e24169602672b44b36b260401e424ae0603ce01e0850
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D418D30600208AFCF25AF25DE49BBA3FE5EB85794F15047BF805572A0C7B89850CBAD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00444BD0: EnumDisplaySettingsA.USER32(00000000,000000FF,?), ref: 00444BDF
                                                                                                                                                                                                                          • SetStretchBltMode.GDI32(?,00000000), ref: 0044A184
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 0044A209
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 0044A221
                                                                                                                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 0044A262
                                                                                                                                                                                                                          • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 0044A278
                                                                                                                                                                                                                          • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0044A2D6
                                                                                                                                                                                                                          • StretchBlt.GDI32(?,000000FF,?,?,?,?,00000000,00000000,?,?,00660046), ref: 0044A32F
                                                                                                                                                                                                                          • StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,008800C6), ref: 0044A369
                                                                                                                                                                                                                          • StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,00660046), ref: 0044A3A3
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 0044A41B
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0044A428
                                                                                                                                                                                                                          • StretchBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,?), ref: 0044A46B
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0044A477
                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0044A47E
                                                                                                                                                                                                                          • DrawIconEx.USER32(?,?,?,?,?,?,00000000,00000000,00000003), ref: 0044A4BD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Stretch$Create$CompatibleObject$Select$BitmapDeleteDisplayDrawEnumIconModeSettings
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1298110373-0
                                                                                                                                                                                                                          • Opcode ID: f71fb34bfff6bc1cc02500310c739fe01b46c48b208e0e23da5492386fc0937e
                                                                                                                                                                                                                          • Instruction ID: 02a91ec0fff417edd08742c5fc15eb625019c98546ad85c553808d6afd754b75
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f71fb34bfff6bc1cc02500310c739fe01b46c48b208e0e23da5492386fc0937e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5EB15B71244704AFE710DB64CC85F6BB7E9FB89714F108A1DFAA683290D774EC118BA6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CopyRect.USER32(?,?), ref: 0045BE86
                                                                                                                                                                                                                            • Part of subcall function 0049AFD5: __EH_prolog.LIBCMT ref: 0049AFDA
                                                                                                                                                                                                                            • Part of subcall function 0049AFD5: CreateSolidBrush.GDI32(?), ref: 0049AFF7
                                                                                                                                                                                                                          • FillRect.USER32(?,?,00000000), ref: 0045BEC4
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000002E), ref: 0045BEED
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000002D), ref: 0045BEF3
                                                                                                                                                                                                                          • DrawFrameControl.USER32(?,?,00000003,?), ref: 0045BF66
                                                                                                                                                                                                                          • DrawEdge.USER32(?,?,0000000A,0000000F), ref: 0045BF79
                                                                                                                                                                                                                          • InflateRect.USER32(?,00FFFFFD,00000001), ref: 0045BF94
                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 0045BFB8
                                                                                                                                                                                                                          • Rectangle.GDI32(?,?,?,?,?), ref: 0045C00B
                                                                                                                                                                                                                          • OffsetRect.USER32(?,00000001,00000001), ref: 0045C075
                                                                                                                                                                                                                          • GetSysColor.USER32(00000014), ref: 0045C07B
                                                                                                                                                                                                                          • OffsetRect.USER32(?,000000FF,000000FF), ref: 0045C0A3
                                                                                                                                                                                                                          • GetSysColor.USER32(00000010), ref: 0045C0A9
                                                                                                                                                                                                                          • InflateRect.USER32(?,000000FF,000000FF), ref: 0045C0F2
                                                                                                                                                                                                                          • DrawFocusRect.USER32(?,?), ref: 0045C101
                                                                                                                                                                                                                            • Part of subcall function 00496595: GetWindowTextLengthA.USER32(?), ref: 004965A2
                                                                                                                                                                                                                            • Part of subcall function 00496595: GetWindowTextA.USER32(?,00000000,00000000), ref: 004965BA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$ColorDraw$InflateMetricsOffsetSystemTextWindow$BrushControlCopyCreateEdgeFillFocusFrameH_prologLengthRectangleSolid
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4239342997-0
                                                                                                                                                                                                                          • Opcode ID: 09c2253e8db595b07a1de014dcd7c43a3d8305218a5a764fc4a2628cd9b3401c
                                                                                                                                                                                                                          • Instruction ID: b9705fd128904379c5292f1b3db7c073ce887fe57ca9b6a3ceb175a7d20d9813
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09c2253e8db595b07a1de014dcd7c43a3d8305218a5a764fc4a2628cd9b3401c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8A16971208345AFC704DF64C889A6BBBE8FF88714F004A2DF99587391DBB4E945CB96
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 0049FFB3
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,00000000), ref: 0049FFE4
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 004A0287
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 004A02AE
                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 004A0312
                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 004A0327
                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 004A033C
                                                                                                                                                                                                                          • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 004A0377
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 004A0387
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Variant$ClearFreeString$ChangeH_prologTypelstrlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 344392101-0
                                                                                                                                                                                                                          • Opcode ID: e6fbc28861c5fe55211ff46b70d9340240d7910779a390bd812bec420de74fbd
                                                                                                                                                                                                                          • Instruction ID: 4fd7b2318dd73f640628215f546b084cdc4ef1a45435606d1d57bc5b81862f1a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e6fbc28861c5fe55211ff46b70d9340240d7910779a390bd812bec420de74fbd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FCE19D71D0020ADFDF10DFA8D884AEEBBB4FF16304F14442AE911A7291D7799D52CBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 0045EBCB
                                                                                                                                                                                                                          • CreateSemaphoreA.KERNEL32(00000000,00000014,00000014,00000000), ref: 0045EBE0
                                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(?), ref: 0045EC0B
                                                                                                                                                                                                                          • CreateThread.KERNEL32(00000000,00000000,0045EE40,?,00000004,?), ref: 0045EC40
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(004DC5B0), ref: 0045EC52
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(004DC5B0,-000000FC,00000000,00000000), ref: 0045EE05
                                                                                                                                                                                                                          • ResumeThread.KERNEL32(?), ref: 0045EE13
                                                                                                                                                                                                                          • ReleaseSemaphore.KERNEL32(?,00000014,00000000), ref: 0045EE25
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateCriticalSection$SemaphoreThread$EnterEventInitializeLeaveReleaseResume
                                                                                                                                                                                                                          • String ID: RIFF$WAVE$data$fmt
                                                                                                                                                                                                                          • API String ID: 1802393137-4212202414
                                                                                                                                                                                                                          • Opcode ID: c4d2e32c78263919e3957e3df38045a1bccfc4301430d5a9e37dd3f06bc467cf
                                                                                                                                                                                                                          • Instruction ID: 36b83032757f2a8ba781054de55788e6e60e71cb15603c55810394e3c96c900f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c4d2e32c78263919e3957e3df38045a1bccfc4301430d5a9e37dd3f06bc467cf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 21B1C2B56003019BC718DF25DC95B2B77E6FB84309F14462EFD4697382E678EA08CB99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CompareStringW.KERNEL32(00000000,00000000,004B386C,00000001,004B386C,00000001,00000000,023C11FC,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,004830E3), ref: 0048FE70
                                                                                                                                                                                                                          • CompareStringA.KERNEL32(00000000,00000000,004B3868,00000001,004B3868,00000001), ref: 0048FE8D
                                                                                                                                                                                                                          • CompareStringA.KERNEL32(00468760,00468800,004688B0,00000000,0H,00000000,00000000,023C11FC,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,004830E3), ref: 0048FEEB
                                                                                                                                                                                                                          • GetCPInfo.KERNEL32(00000000,00000000,00000000,023C11FC,0000000C,00000000,0000000C,00000000,000001D0,00000000,00000000,004830E3,00000000), ref: 0048FF3C
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000), ref: 0048FFBB
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 0049001C
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,?,00000000,00000000), ref: 0049002F
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0049007B
                                                                                                                                                                                                                          • CompareStringW.KERNEL32(00468526,00000000,00000000,00000000,?,00000000,?,00000000), ref: 00490093
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharCompareMultiStringWide$Info
                                                                                                                                                                                                                          • String ID: h8K$l8K$0H
                                                                                                                                                                                                                          • API String ID: 1651298574-1231221313
                                                                                                                                                                                                                          • Opcode ID: 519e8c9c4836614daf48d98acb08bb7a2a81a1138f5b34041e302b78ded9a178
                                                                                                                                                                                                                          • Instruction ID: a151a0fd353a2d0ec012de30e759141da59e9aa8ed2ad2d346df21b914e07df1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 519e8c9c4836614daf48d98acb08bb7a2a81a1138f5b34041e302b78ded9a178
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C671A031900249AFCF21AF54DD45AEF7FB6EB06310F14443BFB50A2260D7398855DB99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 499691e4f0755b9b585c5b3bbdf190a4fc34427dfa5478b23e7747fca992f188
                                                                                                                                                                                                                          • Instruction ID: 8c5fbbbc83338a9c8e635c7a10a377237e0c28eae20ac8e9528c394c45686865
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 499691e4f0755b9b585c5b3bbdf190a4fc34427dfa5478b23e7747fca992f188
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23E17AB23047059FD320DF68D880AABB3E8FB88315F50892EF596CB341D775E8158BA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: d69474277717117593971b6b6793d7212ed9d25b5b86e273eceba822080c95d1
                                                                                                                                                                                                                          • Instruction ID: 8fb12a8d5ff7e89c1217cf037cd802e6690d660563fc2546bb95c0542287d663
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d69474277717117593971b6b6793d7212ed9d25b5b86e273eceba822080c95d1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24D17A747047209FD724DF28D8C1A6BBBE5EB48318FA4492EE556C7690D638EC41CB1A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001036,00000000,00000000), ref: 00477338
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001003,00000000,00000124), ref: 00477392
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001003,00000002,0000012C), ref: 004773D8
                                                                                                                                                                                                                          • ImageList_SetBkColor.COMCTL32(?,00000000), ref: 00477441
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001208,00000000,00000000), ref: 00477471
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001024,00000000,?), ref: 00477488
                                                                                                                                                                                                                          • IsWindow.USER32(00000000), ref: 004773FD
                                                                                                                                                                                                                            • Part of subcall function 0042BF00: GetSysColor.USER32(0000000F), ref: 0042BF0D
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001026,00000000,00000000), ref: 004774A2
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001001,00000000,00000000), ref: 004774BC
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F89), ref: 004774EC
                                                                                                                                                                                                                          • LoadCursorA.USER32(?,000007D8), ref: 00477503
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 00477510
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000103E,00000000,00000000), ref: 0047751E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$CursorLoad$Color$ImageList_Window
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1757432420-0
                                                                                                                                                                                                                          • Opcode ID: 659f72c83ad50227a175429bab0aaf3381cc863a0fa5e78c2d85bc4443292b43
                                                                                                                                                                                                                          • Instruction ID: 7f319907b611c1f3f9e8d984ea451bf13b85798312e01b5f80dc71dd74462d18
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 659f72c83ad50227a175429bab0aaf3381cc863a0fa5e78c2d85bc4443292b43
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 69C16F70704706ABE724DB75CC81FA7B7E8AB44744F44892DFA59C7381EB68E801CB69
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: __EH_prolog.LIBCMT ref: 0049ADDD
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: BeginPaint.USER32(?,?,?,?,0042EAC9), ref: 0049AE06
                                                                                                                                                                                                                            • Part of subcall function 0049A989: GetClipBox.GDI32(?,?), ref: 0049A990
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 0044035F
                                                                                                                                                                                                                          • CreateRectRgn.GDI32 ref: 004403C1
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0044044A
                                                                                                                                                                                                                            • Part of subcall function 0049AE4A: __EH_prolog.LIBCMT ref: 0049AE4F
                                                                                                                                                                                                                            • Part of subcall function 0049AE4A: EndPaint.USER32(?,?,?,?,0042EB43), ref: 0049AE6C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$H_prologPaint$BeginClientClipCreateEmpty
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2708814891-0
                                                                                                                                                                                                                          • Opcode ID: 27b48cae31975b3d969922d310faae77c3bb934f7c27dbc8b5d203e8b4bccc35
                                                                                                                                                                                                                          • Instruction ID: f55acfcfbb2007634a4ed4b157f05342ce656291e50d60ebfc4fa63ee60b45a9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 27b48cae31975b3d969922d310faae77c3bb934f7c27dbc8b5d203e8b4bccc35
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 58D17E711083419FD314DF65C984A6FBBE8FBC8704F048A2EF59993281DB78E919CB96
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCapture.USER32 ref: 004563FE
                                                                                                                                                                                                                          • SetCapture.USER32(?,?,?,?,?,?,?,?,?,004A3828,000000FF,00455C3D,?,?,?,?), ref: 0045641B
                                                                                                                                                                                                                            • Part of subcall function 0049AC70: __EH_prolog.LIBCMT ref: 0049AC75
                                                                                                                                                                                                                            • Part of subcall function 0049AC70: GetDC.USER32(00000001), ref: 0049AC9E
                                                                                                                                                                                                                            • Part of subcall function 004626B0: GetWindowExtEx.GDI32(?,?), ref: 004626D3
                                                                                                                                                                                                                            • Part of subcall function 0049AB9E: GetWindowExtEx.GDI32(?,0047D2C2,00000000,?,?,?,0047D2C2,?), ref: 0049ABAF
                                                                                                                                                                                                                            • Part of subcall function 0049AB9E: GetViewportExtEx.GDI32(?,?,?,0047D2C2,?), ref: 0049ABBC
                                                                                                                                                                                                                            • Part of subcall function 0049AB9E: MulDiv.KERNEL32(0047D2C2,00000000,00000000), ref: 0049ABE1
                                                                                                                                                                                                                            • Part of subcall function 0049AB9E: MulDiv.KERNEL32(46892C46,00000000,00000000), ref: 0049ABFC
                                                                                                                                                                                                                            • Part of subcall function 0049A72F: SetMapMode.GDI32(?,?), ref: 0049A748
                                                                                                                                                                                                                            • Part of subcall function 0049A72F: SetMapMode.GDI32(?,?), ref: 0049A756
                                                                                                                                                                                                                            • Part of subcall function 0049A6A4: SetROP2.GDI32(?,?), ref: 0049A6BD
                                                                                                                                                                                                                            • Part of subcall function 0049A6A4: SetROP2.GDI32(?,?), ref: 0049A6CB
                                                                                                                                                                                                                            • Part of subcall function 0049A648: SetBkMode.GDI32(?,?), ref: 0049A661
                                                                                                                                                                                                                            • Part of subcall function 0049A648: SetBkMode.GDI32(?,?), ref: 0049A66F
                                                                                                                                                                                                                            • Part of subcall function 0049AF85: __EH_prolog.LIBCMT ref: 0049AF8A
                                                                                                                                                                                                                            • Part of subcall function 0049AF85: CreatePen.GDI32(?,?,?), ref: 0049AFAD
                                                                                                                                                                                                                            • Part of subcall function 0049A56C: SelectObject.GDI32(0042C895,00000000), ref: 0049A58E
                                                                                                                                                                                                                            • Part of subcall function 0049A56C: SelectObject.GDI32(0042C895,?), ref: 0049A5A4
                                                                                                                                                                                                                          • GetCapture.USER32 ref: 004564E1
                                                                                                                                                                                                                          • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 00456500
                                                                                                                                                                                                                          • DispatchMessageA.USER32(?), ref: 00456541
                                                                                                                                                                                                                          • DispatchMessageA.USER32(?), ref: 0045655D
                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 004565A4
                                                                                                                                                                                                                          • GetCapture.USER32 ref: 004565CC
                                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 004565F4
                                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 00456650
                                                                                                                                                                                                                          • DPtoLP.GDI32 ref: 00456694
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000000,?,00000000,?,?,?,00000000,?,?,?), ref: 0045671D
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 004567AB
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Capture$Mode$Message$DispatchH_prologInvalidateObjectRectReleaseSelectWindow$ClientCreateScreenViewport
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 453157188-0
                                                                                                                                                                                                                          • Opcode ID: e933a80f71b7f1b31d7ec3d92d4684c17f8c68fe2f189fe48b358dc7b14fcb67
                                                                                                                                                                                                                          • Instruction ID: 23997f01abb5eb2076317475d8e98297d213594d138c33631fab2ed2ccf82938
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e933a80f71b7f1b31d7ec3d92d4684c17f8c68fe2f189fe48b358dc7b14fcb67
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06B1A571104700AFD714EB65C885F6FBBE9AF88749F50091EF55283292DB38ED09CB5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: __EH_prolog.LIBCMT ref: 0049ADDD
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: BeginPaint.USER32(?,?,?,?,0042EAC9), ref: 0049AE06
                                                                                                                                                                                                                            • Part of subcall function 0049A989: GetClipBox.GDI32(?,?), ref: 0049A990
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 0042F3C7
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0042F3DF
                                                                                                                                                                                                                          • InflateRect.USER32(?,?,?), ref: 0042F49D
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 0042F507
                                                                                                                                                                                                                          • CreateRectRgn.GDI32(?,?,?,?), ref: 0042F521
                                                                                                                                                                                                                          • FillRgn.GDI32(?,?,?), ref: 0042F6D6
                                                                                                                                                                                                                          • GetCurrentObject.GDI32(?,00000006), ref: 0042F755
                                                                                                                                                                                                                            • Part of subcall function 0049A530: GetStockObject.GDI32(?), ref: 0049A539
                                                                                                                                                                                                                            • Part of subcall function 0049A530: SelectObject.GDI32(0042C895,00000000), ref: 0049A553
                                                                                                                                                                                                                            • Part of subcall function 0049A530: SelectObject.GDI32(0042C895,00000000), ref: 0049A55E
                                                                                                                                                                                                                          • OffsetRect.USER32(?,00000001,00000001), ref: 0042F833
                                                                                                                                                                                                                          • OffsetRect.USER32(?,00000002,00000002), ref: 0042F8C7
                                                                                                                                                                                                                          • OffsetRect.USER32(?,00000001,00000001), ref: 0042F87A
                                                                                                                                                                                                                            • Part of subcall function 0049A700: SetTextColor.GDI32(?,?), ref: 0049A71A
                                                                                                                                                                                                                            • Part of subcall function 0049A700: SetTextColor.GDI32(?,?), ref: 0049A728
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Object$Offset$ColorSelectText$BeginClientClipCreateCurrentEmptyFillH_prologInflateIntersectPaintStock
                                                                                                                                                                                                                          • String ID: 4#K
                                                                                                                                                                                                                          • API String ID: 4264835570-2206497575
                                                                                                                                                                                                                          • Opcode ID: f67822e826f165d0405fc270aa392180029320a3148bd293a91b3959884c833d
                                                                                                                                                                                                                          • Instruction ID: 0ba94a3fe0052f614be724cd5a8f31c64b3e7b838cd032da9e7bbe3a6775b420
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f67822e826f165d0405fc270aa392180029320a3148bd293a91b3959884c833d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BB0269712083809FD724DF65D884AABB7F5ABD8304F804D2EF19683291DB78E949CB56
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,?), ref: 00432BE8
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,\shell\open\command,80000000,.htm,?,?,?,?), ref: 00432C27
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00432C7C
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,004C3D78), ref: 00432CC5
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(00000000,?), ref: 00432CCD
                                                                                                                                                                                                                          • WinExec.KERNEL32(?,?), ref: 00432CD5
                                                                                                                                                                                                                            • Part of subcall function 0049417B: InterlockedDecrement.KERNEL32(-000000F4), ref: 0049418F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrcat$DecrementExecExecuteInterlockedShelllstrlen
                                                                                                                                                                                                                          • String ID: "%1"$.htm$\shell\open\command$mailto:$open
                                                                                                                                                                                                                          • API String ID: 51986957-2182632014
                                                                                                                                                                                                                          • Opcode ID: 81b783c74e691c2e03cdccf52e92aaee4d2461c64130230791de19cd3d412760
                                                                                                                                                                                                                          • Instruction ID: 592ba8a4e752b79bf3fc70ee7029284f3edc9e43f00df10c320a4cae0803ba25
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 81b783c74e691c2e03cdccf52e92aaee4d2461c64130230791de19cd3d412760
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30410432104302ABC720EF65DD85FAFB7E4ABD8714F104A2EF55593280E778A945C7AA
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • InflateRect.USER32(?,?,?), ref: 00449616
                                                                                                                                                                                                                            • Part of subcall function 00449340: SetRect.USER32(?,00000000,00000032,00000032,?), ref: 00449429
                                                                                                                                                                                                                            • Part of subcall function 00449340: OffsetRect.USER32(?,?,?), ref: 00449436
                                                                                                                                                                                                                            • Part of subcall function 00449340: IntersectRect.USER32(?,?,?), ref: 00449452
                                                                                                                                                                                                                            • Part of subcall function 00449340: IsRectEmpty.USER32(?), ref: 0044945D
                                                                                                                                                                                                                          • InflateRect.USER32(?,?,?), ref: 00449689
                                                                                                                                                                                                                          • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 0044988D
                                                                                                                                                                                                                          • GetClipRgn.GDI32(?,00000000), ref: 0044989C
                                                                                                                                                                                                                          • CreatePolygonRgn.GDI32 ref: 0044991A
                                                                                                                                                                                                                          • SelectClipRgn.GDI32(?,?), ref: 004499FD
                                                                                                                                                                                                                          • CreatePolygonRgn.GDI32(?,00000005,00000002), ref: 00449A20
                                                                                                                                                                                                                          • SelectClipRgn.GDI32(?,?), ref: 00449AA1
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00449AB7
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$ClipCreate$InflatePolygonSelect$DeleteEmptyIntersectObjectOffset
                                                                                                                                                                                                                          • String ID: gfff
                                                                                                                                                                                                                          • API String ID: 1105800552-1553575800
                                                                                                                                                                                                                          • Opcode ID: 0297e4ffc0bb3d36be33b66bb70ba4c4a9ab143551340238d6d4419f75dd8c5b
                                                                                                                                                                                                                          • Instruction ID: fca301324d7bb993fd39ad9b1bb9e3b24a1718df5709395eab9b15f920d7157b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0297e4ffc0bb3d36be33b66bb70ba4c4a9ab143551340238d6d4419f75dd8c5b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AEF115B46083419FD324DF19C980B6BBBE5FBC9304F148A2EF99987391E774A805CB56
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00494FC6
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000002A), ref: 00495077
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(?,?,00000000,?,?), ref: 00495101
                                                                                                                                                                                                                          • CreateDialogIndirectParamA.USER32(?,?,?,Function_00094E09,00000000), ref: 00495133
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateDialogGlobalH_prologIndirectLockMetricsParamSystem
                                                                                                                                                                                                                          • String ID: Helv$MS Sans Serif$MS Shell Dlg
                                                                                                                                                                                                                          • API String ID: 2364537584-2894235370
                                                                                                                                                                                                                          • Opcode ID: 3790d4644832b8af46d377ba25a471de4e84943b12378d7182911e329a3475a1
                                                                                                                                                                                                                          • Instruction ID: 438a986d15db31479099dd12456aa7304a6e639fedc13811adad871503a84b8d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3790d4644832b8af46d377ba25a471de4e84943b12378d7182911e329a3475a1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE615A71D0060ADFCF15EFA4D886AAEBFB1BF04315F24443FE505A6291DB388A45CB99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 0047BD44
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 0047BD77
                                                                                                                                                                                                                          • GetStockObject.GDI32(0000000D), ref: 0047BD82
                                                                                                                                                                                                                          • GetObjectA.GDI32(?,0000003C,?), ref: 0047BDB0
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0047BDCD
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001), ref: 0047BDF2
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,0000005A), ref: 0047BE48
                                                                                                                                                                                                                          • OleCreateFontIndirect.OLEAUT32(00000020,004AFFF8,?), ref: 0047BE74
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Object$Stock$ByteCapsCharCreateDeviceFontH_prologIndirectMultiWidelstrlen
                                                                                                                                                                                                                          • String ID: $4#K
                                                                                                                                                                                                                          • API String ID: 2666205934-1417036357
                                                                                                                                                                                                                          • Opcode ID: aebd26edf4cca5a41d7ed8efb62f7c5ad493ea7257ff9cb5442fc577a69dec72
                                                                                                                                                                                                                          • Instruction ID: f2f0063010d3e70a31c9bbd29ae666fe764ba1c7b96baf897220f690ebd8a402
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aebd26edf4cca5a41d7ed8efb62f7c5ad493ea7257ff9cb5442fc577a69dec72
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6414A75D012199FCF20DFA5C885AEEBFB8EF49304F24812AE514E3241E7388A49CB94
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 004298A7
                                                                                                                                                                                                                          • VariantInit.OLEAUT32(00000000), ref: 004298D6
                                                                                                                                                                                                                          • VariantCopyInd.OLEAUT32(00000000), ref: 004298DE
                                                                                                                                                                                                                          • SafeArrayGetElement.OLEAUT32(?,?,?), ref: 0042995E
                                                                                                                                                                                                                            • Part of subcall function 004433E0: HeapAlloc.KERNEL32(00890000,00000000,00000008,?,?,00429841,00000008,?), ref: 004433F1
                                                                                                                                                                                                                          • VariantCopyInd.OLEAUT32(?), ref: 00429B06
                                                                                                                                                                                                                          • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 00429B1F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Variant$CopyInit$AllocArrayChangeElementHeapSafeType
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3823512745-0
                                                                                                                                                                                                                          • Opcode ID: b565231144af55ee6c7f7288e9e4a4d220eea96e8be03da040c4dca10f21c855
                                                                                                                                                                                                                          • Instruction ID: 27be9ae4e55e69036e5aaa3361be4b09c95afedc779c16a1d9499239f72ca336
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b565231144af55ee6c7f7288e9e4a4d220eea96e8be03da040c4dca10f21c855
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9BC1A074E0031ADFCB14CF95E884AAEBBB4FF89704F54842AE855AB350D7389D42CB95
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 00447FDD
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,00000064), ref: 00448012
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,?,00000064), ref: 0044803D
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32 ref: 00448077
                                                                                                                                                                                                                          • GetSystemPaletteEntries.GDI32(?,00000000,000000FF,00000004), ref: 004480B1
                                                                                                                                                                                                                          • CreatePalette.GDI32(00000000), ref: 004480BC
                                                                                                                                                                                                                          • CreateCompatibleBitmap.GDI32(?,?,?), ref: 0044811C
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 0044814F
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 00448188
                                                                                                                                                                                                                          • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,?,?,00CC0020), ref: 004481EB
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 004482B3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Create$Compatible$Palette$BitmapCapsDeviceEntriesFreeGlobalObjectStretchSystem
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3563226738-0
                                                                                                                                                                                                                          • Opcode ID: 53e26db8749f9d20139e0efef8514cd0064e01b621aea6f85eed4d5ab806072d
                                                                                                                                                                                                                          • Instruction ID: 6b3ed7ddcf5642d810fcc26351ea694d032f778dc2dbc2a60fc492fb4f090c5c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 53e26db8749f9d20139e0efef8514cd0064e01b621aea6f85eed4d5ab806072d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E91A3711083449FD710EF65C885B6FBBE8AB95704F144A2EF59583281DB78EC08CB9B
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTextExtentPoint32A.GDI32(?,?,?,00000090), ref: 004653CF
                                                                                                                                                                                                                          • GetTextExtentPoint32A.GDI32(?,?,?,00000090), ref: 004653F4
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0046547E
                                                                                                                                                                                                                          • SetRect.USER32(00000080,?,?,?,?), ref: 004654B3
                                                                                                                                                                                                                          • SetRect.USER32(00000070,?,?,?,?), ref: 004654F8
                                                                                                                                                                                                                          • SetRect.USER32(00000060,?,?,?,?), ref: 0046556B
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000001), ref: 00465596
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000000), ref: 0046559C
                                                                                                                                                                                                                          • OffsetRect.USER32(00000080,00000000,00000000), ref: 004655B4
                                                                                                                                                                                                                          • OffsetRect.USER32(00000080,00000000,00000000), ref: 004655C2
                                                                                                                                                                                                                          • OffsetRect.USER32(00000080,00000000,00000000), ref: 004655D4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Offset$ExtentMetricsPoint32SystemText$Window
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1551820068-0
                                                                                                                                                                                                                          • Opcode ID: f530bc695d93801a438fe9c39098477ff23e5e06a1b99b3735f121892eb78240
                                                                                                                                                                                                                          • Instruction ID: ffaaae7d4451757fd24d81114d43e49a8d5d45b88b94fc80c827692a3d512a51
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f530bc695d93801a438fe9c39098477ff23e5e06a1b99b3735f121892eb78240
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E912571200B05AFD318CF29C985A6AF7E6FB88700F148A2DA99AC7754EB74FC058B55
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0045CACE
                                                                                                                                                                                                                          • FillRect.USER32(?,?,?), ref: 0045CB32
                                                                                                                                                                                                                          • FillRect.USER32(?,?,?), ref: 0045CB9E
                                                                                                                                                                                                                          • FillRect.USER32(?,?,?), ref: 0045CC17
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 0045CC43
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0045CC59
                                                                                                                                                                                                                          • SetStretchBltMode.GDI32(?,00000000), ref: 0045CC8D
                                                                                                                                                                                                                          • StretchBlt.GDI32(?,?,?,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 0045CCC4
                                                                                                                                                                                                                          • BitBlt.GDI32(?,00000000,?,?,?,00000000,00000000,00000000,00CC0020), ref: 0045CCF3
                                                                                                                                                                                                                            • Part of subcall function 0049AFD5: __EH_prolog.LIBCMT ref: 0049AFDA
                                                                                                                                                                                                                            • Part of subcall function 0049AFD5: CreateSolidBrush.GDI32(?), ref: 0049AFF7
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0045CCFB
                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0045CD08
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Fill$CreateObjectSelectStretch$BrushClientCompatibleDeleteH_prologModeSolid
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1645634290-0
                                                                                                                                                                                                                          • Opcode ID: 61ea1c049e2034b901d22a83db0340dbaab8165aa2cd5e14d4d5f1386f7abe22
                                                                                                                                                                                                                          • Instruction ID: f963ec24ee2ddc47a71774dc20d116d900ae28dbb9b3ffff66aa406ef8c1d58c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 61ea1c049e2034b901d22a83db0340dbaab8165aa2cd5e14d4d5f1386f7abe22
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E714BB42047409FC720DF64D884F6BBBE8BB88705F144A1EF59A93251D738E849CB2A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Mode$ColorCurrentObject$FillPolyStretchText
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 544274770-0
                                                                                                                                                                                                                          • Opcode ID: 10363a4dce9f77fef7d33e86573c1ee5603e968b6fcdeb71cac1051ccea501cf
                                                                                                                                                                                                                          • Instruction ID: 775a97c5d57d07746a3a260bc57fbdded17a0f9ccb7a14c4a6ed50c1810a4e91
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10363a4dce9f77fef7d33e86573c1ee5603e968b6fcdeb71cac1051ccea501cf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A513D71210F019BC764DB74C888BABB7A5EF88705F155A1DE26F87260DB38F885CB58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: __EH_prolog.LIBCMT ref: 0049ADDD
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: BeginPaint.USER32(?,?,?,?,0042EAC9), ref: 0049AE06
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0045B7FD
                                                                                                                                                                                                                          • CreateCompatibleBitmap.GDI32 ref: 0045B832
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 0045B862
                                                                                                                                                                                                                            • Part of subcall function 0049A519: SelectObject.GDI32(?,?), ref: 0049A521
                                                                                                                                                                                                                          • PatBlt.GDI32(?,00000000,00000000,?,?,00000042), ref: 0045B89A
                                                                                                                                                                                                                          • GetObjectA.GDI32(00000000,00000018,?), ref: 0045B8B5
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 0045B8C0
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0045B8D0
                                                                                                                                                                                                                          • BitBlt.GDI32(?,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 0045B8F3
                                                                                                                                                                                                                          • SelectObject.GDI32(00000000,?), ref: 0045B8FF
                                                                                                                                                                                                                          • DeleteDC.GDI32(00000000), ref: 0045B902
                                                                                                                                                                                                                          • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 0045B92B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Object$CompatibleCreateSelect$BeginBitmapClientDeleteH_prologPaintRect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1593221388-0
                                                                                                                                                                                                                          • Opcode ID: 40960f297df99fb79bedcd3a1d45e1b17af1e94d3f229e08af64c1ef75294442
                                                                                                                                                                                                                          • Instruction ID: f706a4682609a73938d529486024a787dd1b9fcc158af86bfb43dea163861695
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 40960f297df99fb79bedcd3a1d45e1b17af1e94d3f229e08af64c1ef75294442
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E9513D71208345AFD710DFA5CC89F6BBBE8EBC9714F04892DF69583281D778E8048B66
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0043516F
                                                                                                                                                                                                                          • CreateCompatibleBitmap.GDI32 ref: 004351CB
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 004351FB
                                                                                                                                                                                                                          • CreateRectRgn.GDI32(00000000,00000000,00000001,?), ref: 00435290
                                                                                                                                                                                                                          • SetRect.USER32(?,00000000,00000000,00000001,?), ref: 004352B9
                                                                                                                                                                                                                            • Part of subcall function 0042EFD0: __ftol.LIBCMT ref: 0042F0E9
                                                                                                                                                                                                                            • Part of subcall function 0042EFD0: __ftol.LIBCMT ref: 0042F0F6
                                                                                                                                                                                                                          • FillRgn.GDI32(?,?,?), ref: 0043532C
                                                                                                                                                                                                                          • PatBlt.GDI32(?,00000000,00000000,00000001,?,00F00021), ref: 0043539F
                                                                                                                                                                                                                            • Part of subcall function 0042BF00: GetSysColor.USER32(0000000F), ref: 0042BF0D
                                                                                                                                                                                                                            • Part of subcall function 0049AFD5: __EH_prolog.LIBCMT ref: 0049AFDA
                                                                                                                                                                                                                            • Part of subcall function 0049AFD5: CreateSolidBrush.GDI32(?), ref: 0049AFF7
                                                                                                                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 0043541B
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 00435459
                                                                                                                                                                                                                          • BitBlt.GDI32(?,00000000,00000000,00000001,?,?,00000000,00000000,00CC0020), ref: 004354B8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Create$CompatibleRect$__ftol$BitmapBrushClientColorFillH_prologObjectSolid
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2289681609-0
                                                                                                                                                                                                                          • Opcode ID: ad332d27dc3eba995f70caca61070a9303ba03bffe73cf50b595ed73bdd01231
                                                                                                                                                                                                                          • Instruction ID: 883e5938afd30ad0258d737d795b2f2fe6c3b2bc6edee1c7612ef815b02fd59b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ad332d27dc3eba995f70caca61070a9303ba03bffe73cf50b595ed73bdd01231
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2FC1A3711087419FC724DB65C885F6BBBE8AF98748F04492EF486C3291DB78E848CB67
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateSolidBrush.GDI32(00FFFFFF), ref: 00446F3F
                                                                                                                                                                                                                          • GetWindowRect.USER32(?), ref: 00446F69
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 00446F97
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 00446FA5
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00447013
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00447024
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00447039
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000001), ref: 0044704F
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004470DA
                                                                                                                                                                                                                          • OffsetRect.USER32(?,00000000,00000001), ref: 004470F4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Window$BrushCreateCursorLoadMetricsObjectOffsetSolidStockSystem
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3805611468-0
                                                                                                                                                                                                                          • Opcode ID: 5f7ad2f2be75b15074bf3994fa82755810eecfa900db2e0909fe5be181f2cfc5
                                                                                                                                                                                                                          • Instruction ID: 9445b2d0c43b743ba38e07470e12aed52fadd824cc5341e2cac741d93b91def6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5f7ad2f2be75b15074bf3994fa82755810eecfa900db2e0909fe5be181f2cfc5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 00A1E4702047019FE724DF75C885F6FBBE6AB85704F10492EF1568B381EB79E8058B5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: __EH_prolog.LIBCMT ref: 0049ADDD
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: BeginPaint.USER32(?,?,?,?,0042EAC9), ref: 0049AE06
                                                                                                                                                                                                                            • Part of subcall function 0049A989: GetClipBox.GDI32(?,?), ref: 0049A990
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00434D6E
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 00434D86
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 00434DB6
                                                                                                                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 00434DED
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 00434E13
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 00434E68
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 00434E73
                                                                                                                                                                                                                          • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 00434EB1
                                                                                                                                                                                                                          • DPtoLP.GDI32(?,?,00000002), ref: 00434F36
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00434F98
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$EmptyIntersect$BeginClientClipCompatibleCreateH_prologObjectPaintWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 29348440-0
                                                                                                                                                                                                                          • Opcode ID: fc22a2ce9d8c8785d9fb791c1b38d7683683c1fc55c9a8f756a89b4bd365bacb
                                                                                                                                                                                                                          • Instruction ID: 10e1c33e8212d06f133328a80d3d945b04998be29ea9fb60f5b6cc1ae0f41c50
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc22a2ce9d8c8785d9fb791c1b38d7683683c1fc55c9a8f756a89b4bd365bacb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A68127B55083419FC724DF65C984AABBBE9FBC8704F048E2EF59A83250D734E909CB56
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00429F5C
                                                                                                                                                                                                                          • LoadTypeLib.OLEAUT32(00000000,00000003), ref: 00429F84
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,00000001), ref: 00429F9B
                                                                                                                                                                                                                            • Part of subcall function 004946B3: MultiByteToWideChar.KERNEL32(00000000,00000000,0043B931,000000FF,00000000,0043B931,00000001,0043B931,?,00000000,00000001), ref: 004946D0
                                                                                                                                                                                                                          • GetUserDefaultLCID.KERNEL32(00000000,00000003,?,00000001,?,?,00000001,?,?,00000001), ref: 00429FD6
                                                                                                                                                                                                                          • LHashValOfNameSys.OLEAUT32(00000001,00000000), ref: 00429FDF
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0042A032
                                                                                                                                                                                                                          • RegisterTypeLib.OLEAUT32(00000003,00000000,00000000), ref: 0042A059
                                                                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000017,004AFFC8,00000000,?,?), ref: 0042A0A3
                                                                                                                                                                                                                          • CoCreateInstance.OLE32(?,00000000,00000007,004AFFC8,00000000), ref: 0042A0BD
                                                                                                                                                                                                                          • OleRun.OLE32(00000000), ref: 0042A0C7
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: lstrlen$CreateInstanceType$ByteCharDefaultHashLoadMultiNameRegisterUserWide
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4079641114-0
                                                                                                                                                                                                                          • Opcode ID: b04a394371b3d749b4887ffa934b0cabeb9fceb684cdb21c2374b86045a754f8
                                                                                                                                                                                                                          • Instruction ID: d3dc4b948f4c9687c1ccc29d4dbd2f670cd6dd9b311956382f784002602a9007
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b04a394371b3d749b4887ffa934b0cabeb9fceb684cdb21c2374b86045a754f8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AB518C71A00219ABCB10DFA1DC44F9F77B8EF46354F10446AF905E7240E779AE05CBA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004456AD
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004456BC
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 00445715
                                                                                                                                                                                                                          • EqualRect.USER32(?,?), ref: 00445745
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00445763
                                                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 004457DA
                                                                                                                                                                                                                          • OffsetRect.USER32(?,?,00000000), ref: 004457F4
                                                                                                                                                                                                                          • OffsetRect.USER32(?,?,00000000), ref: 0044580C
                                                                                                                                                                                                                          • OffsetRect.USER32(?,00000000,?), ref: 00445826
                                                                                                                                                                                                                          • OffsetRect.USER32(?,00000000,?), ref: 0044583E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Offset$Window$EqualIntersect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2638238157-0
                                                                                                                                                                                                                          • Opcode ID: a32b08c1929314e598a761d771b6433d6cfd61f8b7e5b2a8e14d618a0e63d158
                                                                                                                                                                                                                          • Instruction ID: 622570418eae40463f2dee40853b9bbc7f0c6a757c13ff1e9030701b6b0aad1e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a32b08c1929314e598a761d771b6433d6cfd61f8b7e5b2a8e14d618a0e63d158
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BD511CB56083069FD708CF28C98096BBBE9AFC8744F004A2EF985D3355EA74ED05CB56
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000002E), ref: 0045C211
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000002D), ref: 0045C217
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000000A), ref: 0045C21D
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000000A), ref: 0045C228
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000009), ref: 0045C236
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000009), ref: 0045C242
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0045C267
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0045C26D
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,00000000), ref: 0045C292
                                                                                                                                                                                                                          • SetRect.USER32(?,?,00000000,?,?), ref: 0045C2C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MetricsSystem$Rect$Window$Parent
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3457858938-0
                                                                                                                                                                                                                          • Opcode ID: b47e249002807a906196f94ce17070bb6f29a12a2c7c2779dbe6a0c0df621eb2
                                                                                                                                                                                                                          • Instruction ID: 578cd9ec70cd57718a5d67283b2fef9e1d127e85838097f2c3d97865d2fc4f10
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b47e249002807a906196f94ce17070bb6f29a12a2c7c2779dbe6a0c0df621eb2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 87218671A043095FD704DFB8DC8592F7BA9EBC8700F00492EB945D7281D7B4ED098BA6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __ftol$ModeRelease
                                                                                                                                                                                                                          • String ID: W
                                                                                                                                                                                                                          • API String ID: 1379597261-655174618
                                                                                                                                                                                                                          • Opcode ID: e4fde9f10b38656c9f59151b2e01dc65baa85b0b8e2b1f1716685c7cf3fcfaa8
                                                                                                                                                                                                                          • Instruction ID: 2a4f21153a55d969e1fba3600643cae1c166d8256731162999d1ecdfa928d0c2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4fde9f10b38656c9f59151b2e01dc65baa85b0b8e2b1f1716685c7cf3fcfaa8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F6414874A01209EFCB05CF99C588AEEBFB4FF09700F15819AE85AAB391C7349A10CF14
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 0049A19A
                                                                                                                                                                                                                          • GetStockObject.GDI32(0000000D), ref: 0049A1A2
                                                                                                                                                                                                                          • GetObjectA.GDI32(00000000,0000003C,?), ref: 0049A1AF
                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 0049A1BE
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0049A1D5
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,00000048,00000000), ref: 0049A1E1
                                                                                                                                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 0049A1EC
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                                                                                                                          • String ID: System
                                                                                                                                                                                                                          • API String ID: 46613423-3470857405
                                                                                                                                                                                                                          • Opcode ID: 5b7204348e1e224dca2ce418f07068fb601fba3ce4f96cabeedaf226e6d6b9bf
                                                                                                                                                                                                                          • Instruction ID: 166f161c4142beb22483cbbf682e8e2c27540756be15922a797c4f1ece7e07c5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5b7204348e1e224dca2ce418f07068fb601fba3ce4f96cabeedaf226e6d6b9bf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 06118231A40318ABEF109BA5CC46FAE7F78EB05B41F044036FA05E61C0D7B49D518BA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(user32.dll,?,00000000,?,00488385,?,Microsoft Visual C++ Runtime Library,00012010,?,004B35F8,?,004B3648,?,?,?,Runtime Error!Program: ), ref: 0048F604
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0048F61C
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0048F62D
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0048F63A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                          • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                                                                                                                          • API String ID: 2238633743-4044615076
                                                                                                                                                                                                                          • Opcode ID: 87a90e919de46be3988205eb0e78cc64a3d33b71c7f7ace89e93ef66061c6202
                                                                                                                                                                                                                          • Instruction ID: 3d65a872824aaa314e44176fbc3b6f5371b7c7b0e85e251295b561ff691f01b2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 87a90e919de46be3988205eb0e78cc64a3d33b71c7f7ace89e93ef66061c6202
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33017571700641AF8701AFB5DC80A7B7A98EA55691714493FA100E2230EF788856CBAD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(COMCTL32.DLL,00000800,00000000,00000400,004982A2,?,00020000), ref: 00497FB1
                                                                                                                                                                                                                          • LoadLibraryA.KERNEL32(COMCTL32.DLL), ref: 00497FBA
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 00497FCE
                                                                                                                                                                                                                          • #17.COMCTL32 ref: 00497FE9
                                                                                                                                                                                                                          • #17.COMCTL32 ref: 00498005
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00498011
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Library$AddressFreeHandleLoadModuleProc
                                                                                                                                                                                                                          • String ID: COMCTL32.DLL$InitCommonControlsEx
                                                                                                                                                                                                                          • API String ID: 1437655972-4218389149
                                                                                                                                                                                                                          • Opcode ID: ae639c67074baa2b8513422c85876bdf0683a8c7410819c2d0ce2ca1a1db9fb0
                                                                                                                                                                                                                          • Instruction ID: dac87a90df459006d91034894ef7c6ef44c911270869101fe122c2000a12b3de
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae639c67074baa2b8513422c85876bdf0683a8c7410819c2d0ce2ca1a1db9fb0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 17F0A933708212578A219F78DD48B5B7E9CAF9676170B083AF540E3250CF28DC05976D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsChild.USER32(?,?), ref: 00440FE8
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00441079
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 004411AB
                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 004411BD
                                                                                                                                                                                                                            • Part of subcall function 0049862D: IsWindowEnabled.USER32(?), ref: 00498637
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0044120E
                                                                                                                                                                                                                          • IsChild.USER32(?,?), ref: 0044122E
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 004413D7
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F1,00000001,00000000), ref: 004413F4
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0044144F
                                                                                                                                                                                                                            • Part of subcall function 004376E0: IsChild.USER32(?,?), ref: 0043775D
                                                                                                                                                                                                                            • Part of subcall function 004376E0: GetParent.USER32(?), ref: 00437777
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ParentWindow$Child$EnabledMessageSendVisible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2452671399-0
                                                                                                                                                                                                                          • Opcode ID: d54841c0ad1e209909a3947908e7efe8e904effbc3854339977f27814ddac8b5
                                                                                                                                                                                                                          • Instruction ID: ba65d1bcf2cff33cbf13fed19c193f40b1ab66de27f19b58ed6b1626537b2afe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d54841c0ad1e209909a3947908e7efe8e904effbc3854339977f27814ddac8b5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33E1BB716043518FE720DF65C881B6BB7E4BF85704F044A2EF985973A1DB38E845CB9A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00449F10: CreateDIBitmap.GDI32(?,?,00000004,?,?,00000000), ref: 00449F97
                                                                                                                                                                                                                            • Part of subcall function 00449F10: CreateCompatibleDC.GDI32(?), ref: 00449FAF
                                                                                                                                                                                                                            • Part of subcall function 00449F10: CreateCompatibleDC.GDI32(?), ref: 00449FB4
                                                                                                                                                                                                                            • Part of subcall function 00449F10: SelectObject.GDI32(00000000,?), ref: 00449FBD
                                                                                                                                                                                                                            • Part of subcall function 00449F10: CreateCompatibleBitmap.GDI32(?,?,?), ref: 00449FD0
                                                                                                                                                                                                                            • Part of subcall function 00449F10: SelectObject.GDI32(00000000,00000000), ref: 00449FE2
                                                                                                                                                                                                                            • Part of subcall function 00449F10: BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00449FFF
                                                                                                                                                                                                                            • Part of subcall function 00449F10: SelectObject.GDI32(00000000,?), ref: 0044A00B
                                                                                                                                                                                                                            • Part of subcall function 00449F10: DeleteDC.GDI32(00000000), ref: 0044A014
                                                                                                                                                                                                                            • Part of subcall function 00449F10: SelectObject.GDI32(00000000,?), ref: 0044A01C
                                                                                                                                                                                                                            • Part of subcall function 00449F10: DeleteDC.GDI32(00000000), ref: 0044A01F
                                                                                                                                                                                                                          • __ftol.LIBCMT ref: 0042F0E9
                                                                                                                                                                                                                          • __ftol.LIBCMT ref: 0042F0F6
                                                                                                                                                                                                                          • CreateRectRgn.GDI32(00000000,?,00000000,?), ref: 0042F165
                                                                                                                                                                                                                          • CombineRgn.GDI32(?,?,004B149C,00000004), ref: 0042F18B
                                                                                                                                                                                                                          • SetRect.USER32(?,00000000,?,?,?), ref: 0042F1D6
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 0042F1EE
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 0042F219
                                                                                                                                                                                                                          • CreateRectRgn.GDI32(00000000,?,?,00000000), ref: 0042F2BB
                                                                                                                                                                                                                          • CombineRgn.GDI32(?,?,004B149C,00000004), ref: 0042F2E1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Create$Rect$ObjectSelect$Compatible$BitmapCombineDelete__ftol$EmptyIntersect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 909876544-0
                                                                                                                                                                                                                          • Opcode ID: 4768baa98747442043b044b97dff5c9483b4a345f8175cad9dd31dca8dc158ad
                                                                                                                                                                                                                          • Instruction ID: f85937cbec01994e539646b8237a9232e2da53239d58c7576f2911b5dc072a51
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4768baa98747442043b044b97dff5c9483b4a345f8175cad9dd31dca8dc158ad
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 86A17CB16083419FD314CF29C984A6BBBF8FBC8740F944A2DF59583290EB74D848CB96
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CopyRect.USER32(?,00000000), ref: 004531B7
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 004531C2
                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00453201
                                                                                                                                                                                                                          • DPtoLP.GDI32(?,?,00000002), ref: 00453213
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,?,00000002), ref: 00453250
                                                                                                                                                                                                                          • CreateRectRgnIndirect.GDI32(?), ref: 00453268
                                                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 0045328D
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,?,00000002), ref: 0045329F
                                                                                                                                                                                                                            • Part of subcall function 0049AF85: __EH_prolog.LIBCMT ref: 0049AF8A
                                                                                                                                                                                                                            • Part of subcall function 0049AF85: CreatePen.GDI32(?,?,?), ref: 0049AFAD
                                                                                                                                                                                                                            • Part of subcall function 0049A56C: SelectObject.GDI32(0042C895,00000000), ref: 0049A58E
                                                                                                                                                                                                                            • Part of subcall function 0049A56C: SelectObject.GDI32(0042C895,?), ref: 0049A5A4
                                                                                                                                                                                                                            • Part of subcall function 0049A530: GetStockObject.GDI32(?), ref: 0049A539
                                                                                                                                                                                                                            • Part of subcall function 0049A530: SelectObject.GDI32(0042C895,00000000), ref: 0049A553
                                                                                                                                                                                                                            • Part of subcall function 0049A530: SelectObject.GDI32(0042C895,00000000), ref: 0049A55E
                                                                                                                                                                                                                            • Part of subcall function 0049A6A4: SetROP2.GDI32(?,?), ref: 0049A6BD
                                                                                                                                                                                                                            • Part of subcall function 0049A6A4: SetROP2.GDI32(?,?), ref: 0049A6CB
                                                                                                                                                                                                                          • Rectangle.GDI32(?,?,?,?,?), ref: 00453313
                                                                                                                                                                                                                            • Part of subcall function 0049A999: SelectClipRgn.GDI32(?,00000000), ref: 0049A9BB
                                                                                                                                                                                                                            • Part of subcall function 0049A999: SelectClipRgn.GDI32(?,?), ref: 0049A9D1
                                                                                                                                                                                                                            • Part of subcall function 0049AF6F: DeleteObject.GDI32(00000000), ref: 0049AF7E
                                                                                                                                                                                                                            • Part of subcall function 0049ACE2: __EH_prolog.LIBCMT ref: 0049ACE7
                                                                                                                                                                                                                            • Part of subcall function 0049ACE2: ReleaseDC.USER32(?,00000000), ref: 0049AD06
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ObjectSelect$Rect$ClipCreateH_prolog$ClientCopyDeleteEmptyIndirectOffsetRectangleReleaseStock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2841338838-0
                                                                                                                                                                                                                          • Opcode ID: ddfe65da0c986c9bef8af49fa17cee679f72588ccd744f747f084603db460531
                                                                                                                                                                                                                          • Instruction ID: b283d084e118133ed53d0b2d43ea0a6aeb14473eec7e5ab3a8379d54878a3d28
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ddfe65da0c986c9bef8af49fa17cee679f72588ccd744f747f084603db460531
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EE613C71208300AFC714DF65C885A6BFBE9EFC8758F44491DF59683291DB78E908CBA6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LCMapStringW.KERNEL32(00000000,00000100,004B386C,00000001,00000000,00000000,771AE860,004FBCBC,?,?,00486BA6,00200020,?), ref: 0048B7D6
                                                                                                                                                                                                                          • LCMapStringA.KERNEL32(00000000,00000100,004B3868,00000001,00000000,00000000,?,00486BA6,00200020,?,?,?,?,?), ref: 0048B7F2
                                                                                                                                                                                                                          • LCMapStringA.KERNEL32(?,?,?,00200020,00486BA6,?,771AE860,004FBCBC,?,?,00486BA6,00200020,?), ref: 0048B83B
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,004FBCBD,?,00200020,00000000,00000000,771AE860,004FBCBC,?,?,00486BA6,00200020,?), ref: 0048B873
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,?,00200020,?,00000000,?,00486BA6,00200020,?), ref: 0048B8CB
                                                                                                                                                                                                                          • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,00486BA6,00200020,?), ref: 0048B8E1
                                                                                                                                                                                                                          • LCMapStringW.KERNEL32(?,?,00486BA6,00000000,00486BA6,?,?,00486BA6,00200020,?), ref: 0048B914
                                                                                                                                                                                                                          • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,00486BA6,00200020,?), ref: 0048B97C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: String$ByteCharMultiWide
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 352835431-0
                                                                                                                                                                                                                          • Opcode ID: 96725f63ed373632db1018471eea2ca55c1b1b04cfc5b67495eaf2892c58ff81
                                                                                                                                                                                                                          • Instruction ID: f7c4f7cad9afb17c688d7401a81039e2fa5e4399aca679f8ba346177f8fbccd1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 96725f63ed373632db1018471eea2ca55c1b1b04cfc5b67495eaf2892c58ff81
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0051A171900209EFCF21AF55CC45AEF7FB8FB49750F24452AFA24A1260D3398D61DBA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCapture.USER32 ref: 00445446
                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 00445483
                                                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 004454AC
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 004454B2
                                                                                                                                                                                                                            • Part of subcall function 0049AADE: ScreenToClient.USER32(?,?), ref: 0049AAF2
                                                                                                                                                                                                                            • Part of subcall function 0049AADE: ScreenToClient.USER32(?,?), ref: 0049AAFB
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 004454D5
                                                                                                                                                                                                                          • OffsetRect.USER32(?,?,00000000), ref: 004454F3
                                                                                                                                                                                                                          • OffsetRect.USER32(?,?,00000000), ref: 0044550B
                                                                                                                                                                                                                          • OffsetRect.USER32(?,00000000,?), ref: 00445529
                                                                                                                                                                                                                          • OffsetRect.USER32(?,00000000,?), ref: 00445549
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Offset$Client$Screen$CaptureParent
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 838496554-0
                                                                                                                                                                                                                          • Opcode ID: f2e05c8f12fc5d4d9f5abe950c02f874fdaf609cae67c84d8749a2edc5f2ebb3
                                                                                                                                                                                                                          • Instruction ID: ca753bb9fa296073d4805172ff94a77b39485876971ec0afa16d14e3da2e0a91
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f2e05c8f12fc5d4d9f5abe950c02f874fdaf609cae67c84d8749a2edc5f2ebb3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6441F875204301AFD718DF68D984D7FB7E9ABC8704F00891EF596C3255DA74ED088B66
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 004952AA
                                                                                                                                                                                                                          • FindResourceA.KERNEL32(?,00000000,00000005), ref: 004952E2
                                                                                                                                                                                                                          • LoadResource.KERNEL32(?,00000000,?,?,?,00000000), ref: 004952EA
                                                                                                                                                                                                                            • Part of subcall function 004960E4: UnhookWindowsHookEx.USER32(?), ref: 00496109
                                                                                                                                                                                                                          • LockResource.KERNEL32(?,?,00000000,?,?,?,00000000), ref: 004952F7
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(?), ref: 0049532A
                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000000), ref: 00495338
                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 004953C6
                                                                                                                                                                                                                          • GetActiveWindow.USER32 ref: 004953D1
                                                                                                                                                                                                                          • SetActiveWindow.USER32(?,?,?,00000000,?,?,?,00000000), ref: 004953DF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Resource$ActiveEnable$EnabledFindH_prologHookLoadLockUnhookWindows
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 401145483-0
                                                                                                                                                                                                                          • Opcode ID: a9b14619811dcdb9b6f7c98cd112d0e4365e02798f1e8e8c3662a6a04f75736e
                                                                                                                                                                                                                          • Instruction ID: 2ebab9275eac024116f615c93bd5f6ca2c81b89919aa124e7f9379e8365ae45e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a9b14619811dcdb9b6f7c98cd112d0e4365e02798f1e8e8c3662a6a04f75736e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C41A031900B04DFCF22AF65CC49A6FBFB5BF45715F24062FE902A2291DBB99940CB59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,?,00000001,?,?,?,?), ref: 00442D6A
                                                                                                                                                                                                                          • GetTopWindow.USER32(?), ref: 00442D70
                                                                                                                                                                                                                          • IsWindowVisible.USER32(00000000), ref: 00442D81
                                                                                                                                                                                                                          • GetWindowLongA.USER32(00000000,000000EC), ref: 00442D92
                                                                                                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00442DE5
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 00442DFA
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 00442E05
                                                                                                                                                                                                                          • InvalidateRect.USER32(00000000,00000000,00000000,?,?,?,?), ref: 00442E16
                                                                                                                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 00442E1B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Window$Invalidate$ClientEmptyIntersectLongVisible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 938479747-0
                                                                                                                                                                                                                          • Opcode ID: 80ae4265e8698c9570198430c21ae0cab8a6f4ad8ea427178e8ef9e3b4690bc3
                                                                                                                                                                                                                          • Instruction ID: 61c53812f15de6383d42ebc138b2db9fc5f620e891d9803aefc01ebafb58f713
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80ae4265e8698c9570198430c21ae0cab8a6f4ad8ea427178e8ef9e3b4690bc3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 90219F72600302AFD711DF55CD84D6BBBACFF8D705B044A2DF54593241DB78E9098BAA
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,0000000C,?,?,00447269,?,-00000001,00000000,?,?,?,004C8B88), ref: 00491C1C
                                                                                                                                                                                                                          • GetFocus.USER32 ref: 00491C37
                                                                                                                                                                                                                            • Part of subcall function 004960E4: UnhookWindowsHookEx.USER32(?), ref: 00496109
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(?), ref: 00491C60
                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000000), ref: 00491C72
                                                                                                                                                                                                                          • GetOpenFileNameA.COMDLG32(?,?), ref: 00491C9D
                                                                                                                                                                                                                          • GetSaveFileNameA.COMDLG32(?,?), ref: 00491CA4
                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000001), ref: 00491CBB
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00491CC1
                                                                                                                                                                                                                          • SetFocus.USER32(?), ref: 00491CCF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$EnableFileFocusName$EnabledHookOpenSaveUnhookWindowslstrlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3606897497-0
                                                                                                                                                                                                                          • Opcode ID: 35ea496cd6f768575a50c47dc6c72bf35729668df90c8270ed238df66f7290eb
                                                                                                                                                                                                                          • Instruction ID: d8a5f55dbf026dbff0d6098180df8f5d82087c94c3d9dc1c4509c11e8f0c200d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35ea496cd6f768575a50c47dc6c72bf35729668df90c8270ed238df66f7290eb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7B21A131640701ABDF21AB72EC4AB5B7FE8AF41314F15443FF55282261DB79E800CB59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 0045726F
                                                                                                                                                                                                                          • CreateFontIndirectA.GDI32(00000028), ref: 004572D8
                                                                                                                                                                                                                          • GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 0045731F
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateExtentFontIndirectPoint32Textwsprintf
                                                                                                                                                                                                                          • String ID: ($4#K$4#K$x?L
                                                                                                                                                                                                                          • API String ID: 3175173087-1076753953
                                                                                                                                                                                                                          • Opcode ID: bf9570754576d8df2107772ea79654bc0b2b77e2679a8283cd7c2d5875b8237f
                                                                                                                                                                                                                          • Instruction ID: 9caa653bda03f3c98650e4e45bbb82433d9457bc56cb9cf847b58ddc17df5f09
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bf9570754576d8df2107772ea79654bc0b2b77e2679a8283cd7c2d5875b8237f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0751C7712083458FC324DF24C885B6FBBE5FB89315F144A2DF89683382DB759909CB96
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000019F,00000000,00000000), ref: 0049CA22
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0049CA29
                                                                                                                                                                                                                            • Part of subcall function 0049846F: GetWindowLongA.USER32(?,000000F0), ref: 0049847B
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000187,00000000,00000000), ref: 0049CA7C
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000111,?,?), ref: 0049CACD
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000185,00000000,00000000), ref: 0049CB58
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$LongParentWindow
                                                                                                                                                                                                                          • String ID: $-FC
                                                                                                                                                                                                                          • API String ID: 779260966-1372638570
                                                                                                                                                                                                                          • Opcode ID: 3ca1f8022e55f5db2deddf800d658205b79deea290e10be108598719dc000c71
                                                                                                                                                                                                                          • Instruction ID: bc001db667a24e137b96c255880463f8e4b2be65f37f5b16185a9388134508a6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3ca1f8022e55f5db2deddf800d658205b79deea290e10be108598719dc000c71
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF31B3702007586FCE24BA368CC5D3F7E9DEB89799B11093EF546D32C1DA69EC0246AD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreatePopupMenu.USER32 ref: 0044796E
                                                                                                                                                                                                                          • AppendMenuA.USER32(?,?,00000000,?), ref: 00447AD1
                                                                                                                                                                                                                          • AppendMenuA.USER32(?,00000000,00000000,?), ref: 00447B09
                                                                                                                                                                                                                          • ModifyMenuA.USER32(?,00000000,00000000,00000000,00000000), ref: 00447B27
                                                                                                                                                                                                                          • AppendMenuA.USER32(?,?,00000000,?), ref: 00447B85
                                                                                                                                                                                                                          • ModifyMenuA.USER32(?,?,?,?,?), ref: 00447BAA
                                                                                                                                                                                                                          • AppendMenuA.USER32(?,?,?,?), ref: 00447BF2
                                                                                                                                                                                                                          • ModifyMenuA.USER32(?,?,?,?,?), ref: 00447C17
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Menu$Append$Modify$CreatePopup
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3846898120-0
                                                                                                                                                                                                                          • Opcode ID: f847cb6d54bf3b4f4ba57a75e3defa9be5a910628b504dff543b23883d0c6d9c
                                                                                                                                                                                                                          • Instruction ID: 42bad23355f7fd11399fba979261ffa3dcca68a615a7af64b9da2e19612554bd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f847cb6d54bf3b4f4ba57a75e3defa9be5a910628b504dff543b23883d0c6d9c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FDD19DB15083519BE714DF19D880A6BBBE4FF89718F05452EF98993341E738ED02CB9A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004882CE
                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(000000F4,004B35F8,00000000,?,00000000), ref: 004883A4
                                                                                                                                                                                                                          • WriteFile.KERNEL32(00000000), ref: 004883AB
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$HandleModuleNameWrite
                                                                                                                                                                                                                          • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                                                                                                          • API String ID: 3784150691-4022980321
                                                                                                                                                                                                                          • Opcode ID: 062558d409ddb948c265ba6818953ba7756337fc930580110e06d6ebb00964e3
                                                                                                                                                                                                                          • Instruction ID: b8989f5a6d73e65dc2a16bc1224cdcb012752823390ad523c2b7378e1c73685e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 062558d409ddb948c265ba6818953ba7756337fc930580110e06d6ebb00964e3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DF31C672A00208AFDF20FB65CC49FDE376CEB85704F9408AFF544D6141DA79AA508B5D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: accept
                                                                                                                                                                                                                          • String ID: %s:%d$P
                                                                                                                                                                                                                          • API String ID: 3005279540-612342447
                                                                                                                                                                                                                          • Opcode ID: 97dd4c1b0ede2638870db6de37cc4f614da119d2515ea3f8c16d9126b7619fc2
                                                                                                                                                                                                                          • Instruction ID: f2c66dbbffdb705c3651540414754207b552890382c466f8aaa2fdf4fd54d2aa
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 97dd4c1b0ede2638870db6de37cc4f614da119d2515ea3f8c16d9126b7619fc2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E31B8311146019FE720EB29DC88DBFB7E8FFD5324F044A2DF5A1922D0E774990A8B55
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • VariantInit.OLEAUT32(?), ref: 0042A36E
                                                                                                                                                                                                                          • VariantCopyInd.OLEAUT32(?,?), ref: 0042A37E
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0042A6CE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Variant$ClearCopyInit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1785138364-0
                                                                                                                                                                                                                          • Opcode ID: 7678565cd954c5f5e7b51c5bd16b3b6dfdadce8f361b4643fbcdce695a21c262
                                                                                                                                                                                                                          • Instruction ID: c08d9738d94bc9060b4564af8f7d81aa64f94513550ed6cfe637e1d9a4e06fd4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7678565cd954c5f5e7b51c5bd16b3b6dfdadce8f361b4643fbcdce695a21c262
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7BB1D235B002269FDB10DF58E8486AFB765EF05300F58446AEC419B350D37ADCA2CB9B
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: __ftol
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 495808979-0
                                                                                                                                                                                                                          • Opcode ID: 325912a85be792d8388927cec17e617a7e33ed8f8cd8df04ac7ecaf390675167
                                                                                                                                                                                                                          • Instruction ID: 3aad9ccd993f7bfee0a0b769b723874831640bf74c62794cf64cc434e03bf39f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 325912a85be792d8388927cec17e617a7e33ed8f8cd8df04ac7ecaf390675167
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CFD16272908342DFD301AF21D18925ABFB0FFD5744FA60D99E0D56626AE3308578CF86
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: __EH_prolog.LIBCMT ref: 0049ADDD
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: BeginPaint.USER32(?,?,?,?,0042EAC9), ref: 0049AE06
                                                                                                                                                                                                                            • Part of subcall function 0049A989: GetClipBox.GDI32(?,?), ref: 0049A990
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 0044451D
                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 0044452E
                                                                                                                                                                                                                            • Part of subcall function 0049AFD5: __EH_prolog.LIBCMT ref: 0049AFDA
                                                                                                                                                                                                                            • Part of subcall function 0049AFD5: CreateSolidBrush.GDI32(?), ref: 0049AFF7
                                                                                                                                                                                                                            • Part of subcall function 0049A56C: SelectObject.GDI32(0042C895,00000000), ref: 0049A58E
                                                                                                                                                                                                                            • Part of subcall function 0049A56C: SelectObject.GDI32(0042C895,?), ref: 0049A5A4
                                                                                                                                                                                                                          • PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 00444578
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00444591
                                                                                                                                                                                                                          • LoadBitmapA.USER32(?,?), ref: 004445C8
                                                                                                                                                                                                                          • GetObjectA.GDI32(?,00000018,?), ref: 00444617
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 0044463D
                                                                                                                                                                                                                          • BitBlt.GDI32(?,?,?,?,?,?,00000000,00000000,00CC0020), ref: 004446CF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Object$CreateH_prologRectSelect$BeginBitmapBrushClientClipColorCompatibleEmptyLoadPaintSolid
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1390316934-0
                                                                                                                                                                                                                          • Opcode ID: caa80af2a302b5467a055cacd3da9e7141d1f0099c71db8ea789f03f9279948f
                                                                                                                                                                                                                          • Instruction ID: 3565a412ced714e0c7757929f526e8bbf5e2b1190635cf38e28be8594b31765a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: caa80af2a302b5467a055cacd3da9e7141d1f0099c71db8ea789f03f9279948f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C615C711083819FD714DB65C845FABBBE8FBC9714F058A2DF59983280DB78E904CB66
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,00000058), ref: 004624F8
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,0000005A), ref: 00462501
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,0000006E), ref: 00462512
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,0000006F), ref: 0046252F
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,00000070), ref: 00462544
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,00000071), ref: 00462559
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,00000008), ref: 0046256E
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,0000000A), ref: 00462583
                                                                                                                                                                                                                            • Part of subcall function 004622C0: __ftol.LIBCMT ref: 004622C5
                                                                                                                                                                                                                            • Part of subcall function 004622F0: __ftol.LIBCMT ref: 004622F5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CapsDevice$__ftol
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1555043975-0
                                                                                                                                                                                                                          • Opcode ID: 23b101afc92fe87e9e1d8a6055822e8bfbe829276afc9eef0700966b46ffbf01
                                                                                                                                                                                                                          • Instruction ID: d5d9de5588e233fceb294d0592ce8c046e5e4bb8f74e8ea2ea262221f6e20d78
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 23b101afc92fe87e9e1d8a6055822e8bfbe829276afc9eef0700966b46ffbf01
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37516870508B40ABD300EF6AC955A6FBBE4FFC9304F01495DFA8456290EBB5D9248B97
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 00487BD3
                                                                                                                                                                                                                          • GetEnvironmentStrings.KERNEL32 ref: 00487BE7
                                                                                                                                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 00487C13
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000), ref: 00487C4B
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00487C6D
                                                                                                                                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00487C86
                                                                                                                                                                                                                          • GetEnvironmentStrings.KERNEL32 ref: 00487C99
                                                                                                                                                                                                                          • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00487CD7
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1823725401-0
                                                                                                                                                                                                                          • Opcode ID: e540c7db4f715bbba95ffb17873f0567fd934ea03e29b763b7327363f31f263a
                                                                                                                                                                                                                          • Instruction ID: e31f742eac5a426dffe49d2ed1a28658141ce66ee8058355f878540a0d94a657
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e540c7db4f715bbba95ffb17873f0567fd934ea03e29b763b7327363f31f263a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 953190B390C2555FA7207F759C9483FBA9CE7863587260D3BF552C3600E629CC8197A9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 0045B7B1
                                                                                                                                                                                                                            • Part of subcall function 0049862D: IsWindowEnabled.USER32(?), ref: 00498637
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0045B707
                                                                                                                                                                                                                          • PtInRect.USER32(?,?,?), ref: 0045B71C
                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 0045B72D
                                                                                                                                                                                                                          • WindowFromPoint.USER32(?,?), ref: 0045B73D
                                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 0045B757
                                                                                                                                                                                                                          • GetCapture.USER32 ref: 0045B771
                                                                                                                                                                                                                          • SetCapture.USER32(?), ref: 0045B77C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Capture$ClientRectReleaseWindow$EnabledFromPointScreen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3076215760-0
                                                                                                                                                                                                                          • Opcode ID: 29b32b50d0989cdd148b721d73c178f3b2d94cb9c1fecdba7c3f358fc283bb1a
                                                                                                                                                                                                                          • Instruction ID: 4ec27f9ed4554b1f2fbcb159cb79b86ef9555d444ae8a395d168119ba464e8d7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 29b32b50d0989cdd148b721d73c178f3b2d94cb9c1fecdba7c3f358fc283bb1a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6E21D6351006049FC320EB18D845EAF7BA9EBC9705F18492EFC4182252E739ED098BA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(?), ref: 00498AD0
                                                                                                                                                                                                                          • lstrcmpA.KERNEL32(?,?), ref: 00498ADC
                                                                                                                                                                                                                          • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 00498AEE
                                                                                                                                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00498B11
                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 00498B19
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 00498B26
                                                                                                                                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 00498B33
                                                                                                                                                                                                                          • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 00498B51
                                                                                                                                                                                                                            • Part of subcall function 0049B937: GlobalFlags.KERNEL32(?), ref: 0049B941
                                                                                                                                                                                                                            • Part of subcall function 0049B937: GlobalUnlock.KERNEL32(?,?,?,?,004384C0,?,?,?,?,?,?,?,?,00442E8D), ref: 0049B958
                                                                                                                                                                                                                            • Part of subcall function 0049B937: GlobalFree.KERNEL32(?), ref: 0049B963
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 168474834-0
                                                                                                                                                                                                                          • Opcode ID: dc590082aec7ee734e7445407573d3662ff92690891d1ffd45d5f76c805c259a
                                                                                                                                                                                                                          • Instruction ID: 4830a4d8c7141da021297debfaae3aacee74366891249c2d5f7572bec2ca25d0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dc590082aec7ee734e7445407573d3662ff92690891d1ffd45d5f76c805c259a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B3118271100104BADF216B76CD46EAFBFADEB86744F04442EB60992121DA399D51D729
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00432A4C
                                                                                                                                                                                                                          • PtInRect.USER32(?,?,?), ref: 00432A61
                                                                                                                                                                                                                          • ReleaseCapture.USER32 ref: 00432A71
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000000), ref: 00432A7F
                                                                                                                                                                                                                          • GetCapture.USER32 ref: 00432A8F
                                                                                                                                                                                                                          • SetCapture.USER32(?), ref: 00432A9A
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000000), ref: 00432ABB
                                                                                                                                                                                                                          • SetCapture.USER32(?), ref: 00432AC5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CaptureRect$Invalidate$ClientRelease
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3559558096-0
                                                                                                                                                                                                                          • Opcode ID: 38859da31a9657821c1508519b8669e8025641dfd8b6b37a954dcaed0f571c3a
                                                                                                                                                                                                                          • Instruction ID: 92c009b2cce40925d0c7e01a79743577b9c2a616963fbd89023e6df9e5a2317e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 38859da31a9657821c1508519b8669e8025641dfd8b6b37a954dcaed0f571c3a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C0112A75500710AFD730AB68DC48FAB7BB9BB4C704F04892EF59686291D779E8088B5C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0043710D
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0043711F
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000130B,00000000,00000000), ref: 00437147
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004371D1
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,?,00000001,?), ref: 004371F4
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 004373BC
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,?,00000001,?), ref: 004373DD
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Window$Invalidate$MessageParentSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 236041146-0
                                                                                                                                                                                                                          • Opcode ID: 05ce50c82e87c42e4fba25c98ab6a2788bc7ec1f6cef26054c1aebeecd2c77b1
                                                                                                                                                                                                                          • Instruction ID: 2f8e39922ef59d756ed5510e01207489bc8ed0d4a811735d2a0aa44044cdd455
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 05ce50c82e87c42e4fba25c98ab6a2788bc7ec1f6cef26054c1aebeecd2c77b1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9191B3B16043059BD734DF658C40B6F77E4AF88718F05452EFD859B382EB38E9068B9A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0046398D
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00463999
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 004639AA
                                                                                                                                                                                                                            • Part of subcall function 0049AB1A: ClientToScreen.USER32(0042DFC8,?), ref: 0049AB2E
                                                                                                                                                                                                                            • Part of subcall function 0049AB1A: ClientToScreen.USER32(0042DFC8,?), ref: 0049AB37
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 004639BC
                                                                                                                                                                                                                            • Part of subcall function 0049AADE: ScreenToClient.USER32(?,?), ref: 0049AAF2
                                                                                                                                                                                                                            • Part of subcall function 0049AADE: ScreenToClient.USER32(?,?), ref: 0049AAFB
                                                                                                                                                                                                                            • Part of subcall function 0049AC70: __EH_prolog.LIBCMT ref: 0049AC75
                                                                                                                                                                                                                            • Part of subcall function 0049AC70: GetDC.USER32(00000001), ref: 0049AC9E
                                                                                                                                                                                                                          • SendMessageA.USER32 ref: 004639EF
                                                                                                                                                                                                                            • Part of subcall function 0049A56C: SelectObject.GDI32(0042C895,00000000), ref: 0049A58E
                                                                                                                                                                                                                            • Part of subcall function 0049A56C: SelectObject.GDI32(0042C895,?), ref: 0049A5A4
                                                                                                                                                                                                                          • GetTextExtentPoint32A.GDI32(?,004C0270,00000001,?), ref: 00463A1C
                                                                                                                                                                                                                          • EqualRect.USER32(?,?), ref: 00463BDA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Client$Screen$Rect$ObjectParentSelect$EqualExtentH_prologMessagePoint32SendText
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 98060165-0
                                                                                                                                                                                                                          • Opcode ID: 07006848ce3899abb64adb6835105e900a165b7748285bb51a1da1fa94d0d35f
                                                                                                                                                                                                                          • Instruction ID: ca41dbc437ae36ad7b63c723af45f41ab588fd36a5243506befebb33cbd028c2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07006848ce3899abb64adb6835105e900a165b7748285bb51a1da1fa94d0d35f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1915D712083419FC718CF69C881A6BBBE5EBC8704F144A2EF596C3351E778EA05CB5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 0047CAAC
                                                                                                                                                                                                                          • MapDialogRect.USER32(?,?), ref: 0047CB32
                                                                                                                                                                                                                          • SysAllocStringLen.OLEAUT32(?,00000000), ref: 0047CB53
                                                                                                                                                                                                                          • CLSIDFromString.OLE32(0000FFFC,?), ref: 0047CC3E
                                                                                                                                                                                                                          • CLSIDFromProgID.OLE32(0000FFFC,?), ref: 0047CC46
                                                                                                                                                                                                                          • SetWindowPos.USER32(00000004,?,00000000,00000000,00000000,00000000,00000013,00000001,?,00000004,00000000), ref: 0047CCE2
                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(?), ref: 0047CD35
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: String$From$AllocDialogFreeH_prologProgRectWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 493809305-0
                                                                                                                                                                                                                          • Opcode ID: 0cc05f2622b8454d8ead34e12a1647e4d2538e4dbb9a5dfc5d1cb217888667fc
                                                                                                                                                                                                                          • Instruction ID: 41fd135219b57df7dda1f63a9aaaa569a3c281681cddcee28ff5805159c193d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0cc05f2622b8454d8ead34e12a1647e4d2538e4dbb9a5dfc5d1cb217888667fc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 39A11A7190021ADFDB14DFA5D984AEEBBF4FF08304F14812EE819A7250E7749A55CBA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetRect.USER32(?,00000000,00000032,00000032,?), ref: 00449429
                                                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 00449436
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 00449452
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 0044945D
                                                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 0044949A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Offset$EmptyIntersect
                                                                                                                                                                                                                          • String ID: 2
                                                                                                                                                                                                                          • API String ID: 765610062-450215437
                                                                                                                                                                                                                          • Opcode ID: c47ab85a8b36f5cee4cbb4eadc317566fa1aa1a197caf98aa48ee27562baf13e
                                                                                                                                                                                                                          • Instruction ID: 9b27c32741f8b02b1d932fe01817c38e17ae90f20e7e316c6b02c616e657e65e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c47ab85a8b36f5cee4cbb4eadc317566fa1aa1a197caf98aa48ee27562baf13e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 696104B56083419FD714DF29C884A6BBBE9BBC8354F148A2EF98987320D734E905CB56
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00480966
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00480A0B
                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00480A8C
                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00480A9B
                                                                                                                                                                                                                          • SysFreeString.OLEAUT32(00000000), ref: 00480AAA
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00480AB4
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 00480AC5
                                                                                                                                                                                                                            • Part of subcall function 0048018A: __EH_prolog.LIBCMT ref: 0048018F
                                                                                                                                                                                                                            • Part of subcall function 0048018A: VariantClear.OLEAUT32(00000007), ref: 004806E3
                                                                                                                                                                                                                            • Part of subcall function 0048018A: VariantClear.OLEAUT32(?), ref: 004808F0
                                                                                                                                                                                                                            • Part of subcall function 0047AFE9: VariantCopy.OLEAUT32(?,?), ref: 0047AFF1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Variant$Clear$FreeString$H_prolog$Copy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3345578691-0
                                                                                                                                                                                                                          • Opcode ID: a43c060564d2f2f980aea0375387e09fca8ee7231b91e3622fe904bf64b7a87c
                                                                                                                                                                                                                          • Instruction ID: e0c6e850c461c9c7f3ed18b470691a77ae5f65d1b455e78c0e098fffbaeba4db
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a43c060564d2f2f980aea0375387e09fca8ee7231b91e3622fe904bf64b7a87c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 455137B1900309EFDB54DFA4C884BEEBBB8FF08305F14452AE116A7291D774A949CF64
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00461BEB
                                                                                                                                                                                                                            • Part of subcall function 00498648: EnableWindow.USER32(?,00000000), ref: 00498656
                                                                                                                                                                                                                            • Part of subcall function 00498395: GetDlgItem.USER32(?,?), ref: 004983A3
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00461C25
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00461C3C
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00461C8D
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00461CC7
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00461CF4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F0,00000000,00000000), ref: 00461D2A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$EnableItemWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 607626308-0
                                                                                                                                                                                                                          • Opcode ID: 69166cc63f2d4fe84f456496db6fbcdfb25c4dd81574fbfc53f523400cef12a3
                                                                                                                                                                                                                          • Instruction ID: 503b1f18660a8c9b85aa4d3f6ae2842a0d01dc745262c77b67d5b9ba67a897c9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 69166cc63f2d4fe84f456496db6fbcdfb25c4dd81574fbfc53f523400cef12a3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE315E713C070066DA34AA7A8C96FAF26599BD2F04F10092EB216AF1D2DDB9BC41971D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00497E11
                                                                                                                                                                                                                          • PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 00497E3A
                                                                                                                                                                                                                          • UpdateWindow.USER32(?), ref: 00497E56
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000121,00000000,?), ref: 00497E7C
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000036A,00000000,00000001), ref: 00497E9B
                                                                                                                                                                                                                          • UpdateWindow.USER32(?), ref: 00497EDE
                                                                                                                                                                                                                          • PeekMessageA.USER32(00000000,00000000,00000000,00000000,00000000), ref: 00497F11
                                                                                                                                                                                                                            • Part of subcall function 0049846F: GetWindowLongA.USER32(?,000000F0), ref: 0049847B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3191790225.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192171512.00000000004A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192270570.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192270570.00000000004CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192270570.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192270570.00000000004F9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192587179.00000000004FE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192637621.0000000000508000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192734071.000000000050E000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192872231.000000000055D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192915107.0000000000560000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192967719.0000000000564000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3193006640.0000000000565000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3193078221.0000000000579000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2853195852-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000044,?), ref: 00427DD7
                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00427DEF
                                                                                                                                                                                                                          • WaitForInputIdle.USER32(?,000003E8), ref: 00427E01
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00427E12
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00427E19
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseHandleWait$CreateIdleInputObjectProcessSingle
                                                                                                                                                                                                                          • String ID: D
                                                                                                                                                                                                                          • API String ID: 2811420030-2746444292
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049E254: __EH_prolog.LIBCMT ref: 0049E259
                                                                                                                                                                                                                            • Part of subcall function 0049846F: GetWindowLongA.USER32(?,000000F0), ref: 0049847B
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000001A1,00000000,00000000), ref: 0049C798
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 0049C7A7
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000018E,00000000,00000000), ref: 0049C7C0
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000018E,00000000,00000000), ref: 0049C7E8
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000018B,00000000,00000000), ref: 0049C7F7
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000198,?,?), ref: 0049C80D
                                                                                                                                                                                                                          • PtInRect.USER32(?,000000FF,?), ref: 0049C819
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$H_prologLongRectWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2846605207-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindow.USER32(?,00000002), ref: 0048208D
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 004820A0
                                                                                                                                                                                                                            • Part of subcall function 00482019: GetWindowLongA.USER32(?,000000F0), ref: 00482031
                                                                                                                                                                                                                            • Part of subcall function 00482019: GetParent.USER32(?), ref: 0048204A
                                                                                                                                                                                                                            • Part of subcall function 00482019: GetWindowLongA.USER32(?,000000EC), ref: 0048205D
                                                                                                                                                                                                                          • GetWindow.USER32(?,00000002), ref: 004820C3
                                                                                                                                                                                                                          • GetWindow.USER32(?,00000002), ref: 004820D5
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000EC), ref: 004820E5
                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 004820FE
                                                                                                                                                                                                                          • GetTopWindow.USER32(?), ref: 00482124
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Long$Parent$Visible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3473418232-0
                                                                                                                                                                                                                          • Opcode ID: 19d8ea408498d28783bce5d27a65b73b57ef5695553ab5ac437e80292fb33a8c
                                                                                                                                                                                                                          • Instruction ID: cf05c17545250070e148a87bd33e503f31919e2712cd36f1b8b794ad62ef7aa7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 19d8ea408498d28783bce5d27a65b73b57ef5695553ab5ac437e80292fb33a8c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C721F1316007146FCA32BF698D0DF2F7AAC9F45344F190D2AFA51A7292C66CEC0187AC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?,?,00000000), ref: 0049F09A
                                                                                                                                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 0049F0BD
                                                                                                                                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?,?,00000000), ref: 0049F0DC
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0049F0EC
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0049F0F6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseCreate$Open
                                                                                                                                                                                                                          • String ID: software
                                                                                                                                                                                                                          • API String ID: 1740278721-2010147023
                                                                                                                                                                                                                          • Opcode ID: 9dd7dda1fe351900b31ac599d59091fb4052402e9482ed239e32ae4d10607562
                                                                                                                                                                                                                          • Instruction ID: b38e3716b15be53f4030e96c4f13172fbeabd1d734f5951f82ede6a791ca8d83
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9dd7dda1fe351900b31ac599d59091fb4052402e9482ed239e32ae4d10607562
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C11E372900118FBDB21CB9ACD88DEFFFBCEF85704B1540BAA515E2122D6709A54DB64
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0047B57C
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000000), ref: 0047B594
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(00000001), ref: 0047B59B
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,DISPLAY), ref: 0047B5BF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: System$Metrics$InfoParameterslstrcpy
                                                                                                                                                                                                                          • String ID: B$DISPLAY
                                                                                                                                                                                                                          • API String ID: 1409579217-3316187204
                                                                                                                                                                                                                          • Opcode ID: 0200077293e8c940cf404e459bd1a14e6ea7ccfa880a22c655fd304b506ecf78
                                                                                                                                                                                                                          • Instruction ID: b1fdedacc70b71d2e2b63c5883d4d75a5ac5888456701cd0daafa601f3cab485
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0200077293e8c940cf404e459bd1a14e6ea7ccfa880a22c655fd304b506ecf78
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2211E072600225BBCB129F649C80BDBBFE9EF0A745B10C063FC089A185D3B5D944CBE8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 0049A21B
                                                                                                                                                                                                                          • GetSysColor.USER32(00000010), ref: 0049A222
                                                                                                                                                                                                                          • GetSysColor.USER32(00000014), ref: 0049A229
                                                                                                                                                                                                                          • GetSysColor.USER32(00000012), ref: 0049A230
                                                                                                                                                                                                                          • GetSysColor.USER32(00000006), ref: 0049A237
                                                                                                                                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 0049A244
                                                                                                                                                                                                                          • GetSysColorBrush.USER32(00000006), ref: 0049A24B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Color$Brush
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2798902688-0
                                                                                                                                                                                                                          • Opcode ID: 580fd0694843a51aa88d0d05906f83431eecca7d15f7d3bf8b6645facf0b29e4
                                                                                                                                                                                                                          • Instruction ID: 48d44501f9e0f568b7e6552cdcce238975e372346dc012f60ba61245e50b3a97
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 580fd0694843a51aa88d0d05906f83431eecca7d15f7d3bf8b6645facf0b29e4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1F01C71940748ABD730BFB69D09B47BEE1FFC4B10F06092ED2858BA90E6B5A400DF44
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$ChildFocusVisible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 372613587-0
                                                                                                                                                                                                                          • Opcode ID: a635681804ca18e63726da38d626059435693433472bfb1e8759d212b859144d
                                                                                                                                                                                                                          • Instruction ID: 9da54fc124da1efbc50e52ad744df809244548a487df9b7746737d0bc55b93c5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a635681804ca18e63726da38d626059435693433472bfb1e8759d212b859144d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4B5183715043459FD720DF26C880DABB7E9BF84348F06492EF95587251DB38EC45CBAA
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 0046116C
                                                                                                                                                                                                                            • Part of subcall function 00493EF0: InterlockedIncrement.KERNEL32(-000000F4), ref: 00493F05
                                                                                                                                                                                                                          • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 0046119D
                                                                                                                                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,?,?,00000000), ref: 004611E5
                                                                                                                                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(?,?,?,00000000,00000000,0000000E,00000000,?,00000000,00000000,00000000,00000002,00000000), ref: 00461272
                                                                                                                                                                                                                          • ClosePrinter.WINSPOOL.DRV(?,?,?,?,00000000,00000000,0000000E,00000000,?,00000000,00000000,00000000,00000002,00000000), ref: 004612A7
                                                                                                                                                                                                                            • Part of subcall function 0049417B: InterlockedDecrement.KERNEL32(-000000F4), ref: 0049418F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DocumentInterlockedProperties$CloseDecrementIncrementMessageOpenPrinterPrinter.Send
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1978028495-0
                                                                                                                                                                                                                          • Opcode ID: 1041a324ed39fa8c4bcf0748bf8c506ec1b90fbc6e4b8544aee89c5238a60c4d
                                                                                                                                                                                                                          • Instruction ID: b7f07f0a7f3fd4e5dcc5a179d9559de3ad063d1d884f27648427101953b81e27
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1041a324ed39fa8c4bcf0748bf8c506ec1b90fbc6e4b8544aee89c5238a60c4d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E041F374104345ABC724EF25C881EEF7BA9EFD8724F404A0EF84987291D7789945C7AA
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CopyRect.USER32(?,00000000), ref: 00453442
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 00453473
                                                                                                                                                                                                                          • OffsetRect.USER32(?,00000000,?), ref: 004534C3
                                                                                                                                                                                                                          • LPtoDP.GDI32(?,?,00000002), ref: 004534F8
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00453507
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 0045351C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$ClientCopyEmptyIntersectOffset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1743551499-0
                                                                                                                                                                                                                          • Opcode ID: 4eddf4bbc118fdab6fbd75f40d9646b6ffd1e54476f4a6e534631af311bae55e
                                                                                                                                                                                                                          • Instruction ID: 5eb659fa308b828df522689964173c2a7d66de674dc07349977db4256a08ba36
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4eddf4bbc118fdab6fbd75f40d9646b6ffd1e54476f4a6e534631af311bae55e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 914109B66047019FC318CF69C88095BBBE9FBC8710F048A2EF55687291DB34D949CBA6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetStringTypeW.KERNEL32(00000001,004B386C,00000001,-00000030,004DBB43,00000000,-00000030,?,004DBB40,00483631,00000000,0043B8E6,00000000), ref: 0048F2ED
                                                                                                                                                                                                                          • GetStringTypeA.KERNEL32(00000000,00000001,004B3868,00000001,?,?,004DBB40,00483631,00000000,0043B8E6,00000000), ref: 0048F307
                                                                                                                                                                                                                          • GetStringTypeA.KERNEL32(-00000030,0043B8E6,00000000,00483631,004DBB40,004DBB43,00000000,-00000030,?,004DBB40,00483631,00000000,0043B8E6,00000000), ref: 0048F33B
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,00000000,00483631,00000000,00000000,004DBB43,00000000,-00000030,?,004DBB40,00483631,00000000,0043B8E6,00000000), ref: 0048F373
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,00000000,00483631,?,?,?,?,?,?,004DBB40,00483631,00000000,0043B8E6), ref: 0048F3C9
                                                                                                                                                                                                                          • GetStringTypeW.KERNEL32(0043B8E6,?,00000000,004DBB40,?,?,?,?,?,?,004DBB40,00483631,00000000,0043B8E6), ref: 0048F3DB
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: StringType$ByteCharMultiWide
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3852931651-0
                                                                                                                                                                                                                          • Opcode ID: 0e4ee81a2459bf7e5a650da332a1c3290d2cf5605193b8931bd65af2915f2fd4
                                                                                                                                                                                                                          • Instruction ID: a01fbda952caa46558788770f9302aef9dd9a37019ec5754c4dbeea114233ea1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e4ee81a2459bf7e5a650da332a1c3290d2cf5605193b8931bd65af2915f2fd4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18418A72A00219AFCF21AF95DC85AEF3F78EB09714F104836F911D2290C3399955CBA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000000,00002020,?,?,'BI,00000000,0048CB88,00000000,00000010,0043B1CC,00000009,00000009,'BI,00484401,00000010,00000000), ref: 0048C6DD
                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00002000,00000004), ref: 0048C701
                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004), ref: 0048C71B
                                                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 0048C7DC
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,00000000), ref: 0048C7F3
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocVirtual$FreeHeap
                                                                                                                                                                                                                          • String ID: 'BI
                                                                                                                                                                                                                          • API String ID: 714016831-252468676
                                                                                                                                                                                                                          • Opcode ID: 0b1ea7c6087e5557d553389fe5c348cb288623332930f3827c0dc140dce34088
                                                                                                                                                                                                                          • Instruction ID: c5778037447ea452d239a0e262f0f9665617cf68389e8723c0a2886f0ebb2c70
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0b1ea7c6087e5557d553389fe5c348cb288623332930f3827c0dc140dce34088
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E31D8759407029FD334AF29DC84F2ABBE4E745B58F20893BE66597390E778A801CB5C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00449170: CreateDIBitmap.GDI32(?,?,00000004,?,?,00000000), ref: 004491EB
                                                                                                                                                                                                                          • CreateCompatibleDC.GDI32(?), ref: 0044925A
                                                                                                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 0044926F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Create$BitmapCompatibleDeleteObject
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3709961035-0
                                                                                                                                                                                                                          • Opcode ID: 56aa93681236b3fa0b1c1cefe4c99ea51573593d78352da4195ad06c80c7bc6d
                                                                                                                                                                                                                          • Instruction ID: 6b83ff98954c1d089319fef612ee1352e1818fe662ca1e9747824941470664f1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 56aa93681236b3fa0b1c1cefe4c99ea51573593d78352da4195ad06c80c7bc6d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC3172762047019FC310DF69D984F5BBBE8FB89724F048A2EF56A83281D778E805C766
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wsprintf
                                                                                                                                                                                                                          • String ID: - $ - [$%d / %d]$?? / %d]
                                                                                                                                                                                                                          • API String ID: 2111968516-3107364983
                                                                                                                                                                                                                          • Opcode ID: 26cd571e6499648df20f1fa037b3487da05807107e7112f25e52d3391bc2aed3
                                                                                                                                                                                                                          • Instruction ID: 9dbbf621556df9c204d0b0570b2b4efffac43f99bb0d617d494350f29f56de05
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 26cd571e6499648df20f1fa037b3487da05807107e7112f25e52d3391bc2aed3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6331B574204700EFD714EB15C845F6BBBE4AFC4724F00892EF4AA87291DB78E805CB56
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(004FB50C,004FB4FC,00000000,00000000,004FB50C,?,0049E22F,004FB4FC,00000000), ref: 0049DFD2
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(004FB528,00000010,?,0049E22F,004FB4FC,00000000), ref: 0049E021
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(004FB528,00000000,?,0049E22F,004FB4FC,00000000), ref: 0049E034
                                                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000000,00000004,?,0049E22F,004FB4FC,00000000), ref: 0049E04A
                                                                                                                                                                                                                          • LocalReAlloc.KERNEL32(?,00000004,00000002,?,0049E22F,004FB4FC,00000000), ref: 0049E05C
                                                                                                                                                                                                                          • TlsSetValue.KERNEL32(004FB50C,00000000,0049E22F,004FB4FC,00000000), ref: 0049E098
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocCriticalLocalSectionValue$EnterLeave
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4117633390-0
                                                                                                                                                                                                                          • Opcode ID: f9b7da0558e9f9dad8977c4745dcdd9280b679d4441488cdb682c465f8a26044
                                                                                                                                                                                                                          • Instruction ID: 041c07853d1d02d1a31e9150e5f01f0825e7f730bf88602795e648bb12377fb5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f9b7da0558e9f9dad8977c4745dcdd9280b679d4441488cdb682c465f8a26044
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2E319C31100615EFDB24DF26C889F6ABBE8FB49754F04863AE41A87690D7B4E805CB64
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 0049690A
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 00496957
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 00496979
                                                                                                                                                                                                                          • GetCapture.USER32 ref: 0049698B
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 0049699A
                                                                                                                                                                                                                          • WinHelpA.USER32(?,?,?,?), ref: 004969AE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$CaptureH_prologHelp
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 432264411-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0049BF2A
                                                                                                                                                                                                                          • GetLastActivePopup.USER32(?), ref: 0049BF39
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(?), ref: 0049BF4E
                                                                                                                                                                                                                          • EnableWindow.USER32(?,00000000), ref: 0049BF61
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 0049BF73
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0049BF81
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 670545878-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,?,0042A088,?,?), ref: 0049FEEC
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001,?,?,?,0042A088,?,?), ref: 0049FF13
                                                                                                                                                                                                                          • CLSIDFromString.OLE32(?,?,?,00000001,?,?,?,0042A088,?,?), ref: 0049FF1D
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,?,?,0042A088,?,?), ref: 0049FF2E
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000001,?,?,?,0042A088,?,?), ref: 0049FF55
                                                                                                                                                                                                                          • CLSIDFromProgID.OLE32(?,?,?,00000001,?,?,?,0042A088,?,?), ref: 0049FF5F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharFromMultiWidelstrlen$ProgString
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2475774695-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 004560F2
                                                                                                                                                                                                                          • ScreenToClient.USER32(00000001,?), ref: 00456101
                                                                                                                                                                                                                            • Part of subcall function 00456180: DPtoLP.GDI32(?,?,00000001), ref: 00456297
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F85), ref: 00456131
                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 00456138
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F84), ref: 00456157
                                                                                                                                                                                                                          • SetCursor.USER32(00000000), ref: 0045615E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Cursor$Load$ClientScreen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 789353160-0
                                                                                                                                                                                                                          • Opcode ID: 3d73a5ff9cdc55884bec767d6612440b1be5278f3d047c3917e7e0eeabbca0bd
                                                                                                                                                                                                                          • Instruction ID: e97993256f9805382356be24b296656e40dc54646c0472be981daa0b5d9040da
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3d73a5ff9cdc55884bec767d6612440b1be5278f3d047c3917e7e0eeabbca0bd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4711E532504301ABDA10DF74EC49EAF7BA8AB84B06F01452EF54583281EA74E808C7AB
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110A,00000002,?), ref: 0043251B
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001101,00000000,00000000), ref: 0043252D
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110A,00000002,?), ref: 0043253B
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110A,00000001,?), ref: 0043254D
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001101,00000000,00000000), ref: 0043255F
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110A,00000001,?), ref: 0043256D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: e17f026bce89c74b99c777ab8d7864bb3d41c7270173c19f385ae2f12343f657
                                                                                                                                                                                                                          • Instruction ID: 2e8b7de1c132adfd52061c7300ac280882665cd0f70241090096327758d8cce6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e17f026bce89c74b99c777ab8d7864bb3d41c7270173c19f385ae2f12343f657
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7A0186B2B403053EF534DA699CC2FA3A2AD9F9CF91F018619B701DB1C0C5E5EC424A34
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFocus.USER32 ref: 0049B8C3
                                                                                                                                                                                                                            • Part of subcall function 0049B765: GetWindowLongA.USER32(00000000,000000F0), ref: 0049B776
                                                                                                                                                                                                                          • GetParent.USER32(00000000), ref: 0049B8EA
                                                                                                                                                                                                                            • Part of subcall function 0049B765: GetClassNameA.USER32(00000000,?,0000000A), ref: 0049B791
                                                                                                                                                                                                                            • Part of subcall function 0049B765: lstrcmpiA.KERNEL32(?,combobox), ref: 0049B7A0
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 0049B905
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0049B913
                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0049B917
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,0000014F,00000000,00000000), ref: 0049B92B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$LongParent$ClassDesktopFocusMessageNameSendlstrcmpi
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2818563221-0
                                                                                                                                                                                                                          • Opcode ID: 3da3cf15cedc3cfa79424526404beb02000151d79e6b0dab6108b292dd8ee631
                                                                                                                                                                                                                          • Instruction ID: 46de70b8dcf0265c58ad1c1beea832822b00909db825f1e558f2d7c2f20eb4ad
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3da3cf15cedc3cfa79424526404beb02000151d79e6b0dab6108b292dd8ee631
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8BF0817160473176DE2226297E89F6F5D59DB8AB58F1E0236FA10A62A8DB188C0141ED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 0049B7E9
                                                                                                                                                                                                                          • GetWindow.USER32(?,00000005), ref: 0049B7FA
                                                                                                                                                                                                                          • GetDlgCtrlID.USER32(00000000), ref: 0049B803
                                                                                                                                                                                                                          • GetWindowLongA.USER32(00000000,000000F0), ref: 0049B812
                                                                                                                                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 0049B824
                                                                                                                                                                                                                          • PtInRect.USER32(?,?,?), ref: 0049B834
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1315500227-0
                                                                                                                                                                                                                          • Opcode ID: e998de4aa13066ea2fcd913d527ba2d0de734a8a5fbe03d228e091b176c81956
                                                                                                                                                                                                                          • Instruction ID: 62bfadc54d7607971d772892c4fda5ad746be6af14976de66ef6ef5792371b32
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e998de4aa13066ea2fcd913d527ba2d0de734a8a5fbe03d228e091b176c81956
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DB017C35500129BBDB11AB65EC08EAF7F6DEF4A710F094036F921D11A4EB348A128BE8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: <$x?L$x?L
                                                                                                                                                                                                                          • API String ID: 0-3063870398
                                                                                                                                                                                                                          • Opcode ID: 0146f82c5597038fcd751c1821a563906c7ba5d11bb26e61a8ab4c4adb307765
                                                                                                                                                                                                                          • Instruction ID: 047f1c8fa055ffcb4131967d803e0744b45e040d4aa80f7921897b87185072d6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0146f82c5597038fcd751c1821a563906c7ba5d11bb26e61a8ab4c4adb307765
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B6B197755087428FC714CF24C884A5BB7E5FBC9310F149A2EF99AE7380DB38E9458B86
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountTick$ConnectHangSleepStatus
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1629681604-0
                                                                                                                                                                                                                          • Opcode ID: 54ba95706135c32bbe53ec616a3ab07d33bea88deac62ea318c90e6713954af7
                                                                                                                                                                                                                          • Instruction ID: cbdb42367098fdafaf7672c69e3116f044259399f0994c335e2070fa4eeac734
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 54ba95706135c32bbe53ec616a3ab07d33bea88deac62ea318c90e6713954af7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 37F024316003481BDA50AB34DD48BAF7B68FB82310F44483BF988C3281DB6CA409876B
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 0047F516
                                                                                                                                                                                                                          • CoTaskMemAlloc.OLE32(?,?,?,00000000), ref: 0047F632
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?,?,00000000), ref: 0047F819
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Task$AllocFreeH_prolog
                                                                                                                                                                                                                          • String ID: $(
                                                                                                                                                                                                                          • API String ID: 1522537378-55695022
                                                                                                                                                                                                                          • Opcode ID: b774eabb24c69cc3042a7fc2b17fbfd8bebbfc01b714e6406c3f5ddfd593e99a
                                                                                                                                                                                                                          • Instruction ID: ebf252c8bcad7162e778f5749dad30b003a831b9552abc368803863ae20fbebe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b774eabb24c69cc3042a7fc2b17fbfd8bebbfc01b714e6406c3f5ddfd593e99a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 04B11A70A006059FCB14DFA9C884AAEFBF5FF88304B20856EE01AEB351D775A945CB65
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: __EH_prolog.LIBCMT ref: 0049ADDD
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: BeginPaint.USER32(?,?,?,?,0042EAC9), ref: 0049AE06
                                                                                                                                                                                                                            • Part of subcall function 0049A989: GetClipBox.GDI32(?,?), ref: 0049A990
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 00432D66
                                                                                                                                                                                                                          • PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 00432DED
                                                                                                                                                                                                                          • GetCurrentObject.GDI32(?,00000006), ref: 00432E7A
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00432EEC
                                                                                                                                                                                                                            • Part of subcall function 0049AE4A: __EH_prolog.LIBCMT ref: 0049AE4F
                                                                                                                                                                                                                            • Part of subcall function 0049AE4A: EndPaint.USER32(?,?,?,?,0042EB43), ref: 0049AE6C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: H_prologPaintRect$BeginClientClipCurrentEmptyObject
                                                                                                                                                                                                                          • String ID: 4#K
                                                                                                                                                                                                                          • API String ID: 3717962522-2206497575
                                                                                                                                                                                                                          • Opcode ID: 570a1bd9cfb9497ff426739f259802d5815e9b55b7370847d88a5ba8de21894b
                                                                                                                                                                                                                          • Instruction ID: 8f1f5294191f136781ad0078099b23ef8299c1d5f27f220771fa8bd2990eba68
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 570a1bd9cfb9497ff426739f259802d5815e9b55b7370847d88a5ba8de21894b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 106161711083409FC724DB65C946F9BBBE8EB98714F04492EF19A83291DB78E909CB97
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetVersionExA.KERNEL32 ref: 00487FC0
                                                                                                                                                                                                                          • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00487FF5
                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00488055
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnvironmentFileModuleNameVariableVersion
                                                                                                                                                                                                                          • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                                                                                                                                                                          • API String ID: 1385375860-4131005785
                                                                                                                                                                                                                          • Opcode ID: a6679a3cb3ed1c6f1040c1232e945dd61aff60c68f035b43c13209ad6ee0b654
                                                                                                                                                                                                                          • Instruction ID: b2825ddf960b663cba93c0feef357ab5f9432d786f82c1e33b5f72131e580dbb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6679a3cb3ed1c6f1040c1232e945dd61aff60c68f035b43c13209ad6ee0b654
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6A312571D052446DEB31B6706C51BEF3B689B03308FA50CDFE284D5242EA399E8D8B1A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,00000405,00000000,?), ref: 004963AB
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000FC), ref: 004963BC
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000FC), ref: 004963CC
                                                                                                                                                                                                                          • SetWindowLongA.USER32(?,000000FC,?), ref: 004963E8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LongWindow$MessageSend
                                                                                                                                                                                                                          • String ID: (
                                                                                                                                                                                                                          • API String ID: 2178440468-3887548279
                                                                                                                                                                                                                          • Opcode ID: 80c4eeaf35d516a5025ea474cd7f46bc5f850c7978fbfdacfbad17987587686c
                                                                                                                                                                                                                          • Instruction ID: 9bd799e1a3c0508560a763ae6f7fcd966f6db4049fce603b964b9daa033234ef
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80c4eeaf35d516a5025ea474cd7f46bc5f850c7978fbfdacfbad17987587686c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B318D316007009FDF31AF69C885A6EBFB5BF08714F56463EE941A7691DB79E800CB98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 0049EB5B
                                                                                                                                                                                                                            • Part of subcall function 0049EC47: lstrlenA.KERNEL32(?,?,?,00494DF1,?,?,?,?), ref: 0049EC7E
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 0049EBFC
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 0049EC29
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileModuleNamelstrcatlstrcpylstrlen
                                                                                                                                                                                                                          • String ID: .HLP$.INI
                                                                                                                                                                                                                          • API String ID: 2421895198-3011182340
                                                                                                                                                                                                                          • Opcode ID: da957796093062f777be8f12127a052f8ee7d0a9a5d6af1b1ab29de1511d47a7
                                                                                                                                                                                                                          • Instruction ID: 9448dc60c763adc8719f7ee094332f2da535118adc6d1056f32714751ebbbfcd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da957796093062f777be8f12127a052f8ee7d0a9a5d6af1b1ab29de1511d47a7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 403163B29047189FDB20EB75D885BC6BBFCBB04304F1049BBE18AD2151EB74A9C48B14
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalLock.KERNEL32(?), ref: 00447EE0
                                                                                                                                                                                                                          • GlobalSize.KERNEL32(?), ref: 00447F03
                                                                                                                                                                                                                          • GlobalSize.KERNEL32(?), ref: 00447F33
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(?,00000000,00000000), ref: 00447F43
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$Size$LockUnlock
                                                                                                                                                                                                                          • String ID: BM
                                                                                                                                                                                                                          • API String ID: 2233901773-2348483157
                                                                                                                                                                                                                          • Opcode ID: c7ceeb390c8fa617f547625e4371eaabdcfa38596cf59a0c33acf4bf181849dc
                                                                                                                                                                                                                          • Instruction ID: 7ec3ca5a56e8f2a2c5b6816ae249617edbc51b3cb819fc73ad43b374f6568257
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c7ceeb390c8fa617f547625e4371eaabdcfa38596cf59a0c33acf4bf181849dc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6121C876A00258ABCB10DFA9D841BDDFFB8FF49720F14426AE819E3381D779590187A9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wsprintf$ClassInfo
                                                                                                                                                                                                                          • String ID: Afx:%x:%x$Afx:%x:%x:%x:%x:%x
                                                                                                                                                                                                                          • API String ID: 845911565-79760390
                                                                                                                                                                                                                          • Opcode ID: 185380c17f3e10f88137a9faca9fc27fa13544327abe8820db251f053bfe582e
                                                                                                                                                                                                                          • Instruction ID: 5e2bc0c9903e67d624e6904b377db7cab433215c77962a9fd301ffb529028e81
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 185380c17f3e10f88137a9faca9fc27fa13544327abe8820db251f053bfe582e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3E210BB1901209AF8F10EFA9DD849DF7FB8EF59754B05403AF904A3201E7398A51DBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • Shell_NotifyIconA.SHELL32(00000001,?,?,00000058), ref: 0043FED9
                                                                                                                                                                                                                          • DestroyCursor.USER32(?), ref: 0043FEE6
                                                                                                                                                                                                                          • Shell_NotifyIconA.SHELL32(?,?,00000000,00000058), ref: 0043FF19
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: IconNotifyShell_$CursorDestroy
                                                                                                                                                                                                                          • String ID: X$d
                                                                                                                                                                                                                          • API String ID: 3039372612-651813629
                                                                                                                                                                                                                          • Opcode ID: 1d62806413a8ebbcc31434d8d1920f85dac1c8bd170452ec60b9791dcd9b4c7f
                                                                                                                                                                                                                          • Instruction ID: 5bdddd06a69a95be67eea1523c6cc597edcc4b148a53bd90775eb2547d44ee0a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1d62806413a8ebbcc31434d8d1920f85dac1c8bd170452ec60b9791dcd9b4c7f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A52108756087009FE310DF15D805B9BBBE5ABD9B04F00892EB9D992390E7B9990C8B96
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                                                                          • String ID: (*K$H)K$d)K$h*K
                                                                                                                                                                                                                          • API String ID: 3519838083-2802786149
                                                                                                                                                                                                                          • Opcode ID: 1a16d0e60c224899f954e3295413f2bb397a2d8d8dce564312e7f28fd7c193b2
                                                                                                                                                                                                                          • Instruction ID: 61c8c593d88e16ab1e6d38bef71bda3f77ae03b9e57ad02fb19dd54afca0d640
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a16d0e60c224899f954e3295413f2bb397a2d8d8dce564312e7f28fd7c193b2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B21BFB1A01B008FD360DF6A8545786FBE8BFA5314F008A1FD0AE97620C7F46108CB29
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000F0), ref: 00494E8A
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,00000002), ref: 00494EA9
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00494EB4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000111,00000002,00000000), ref: 00494ECA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$EnabledItemLongMessageSend
                                                                                                                                                                                                                          • String ID: Edit
                                                                                                                                                                                                                          • API String ID: 3499652902-554135844
                                                                                                                                                                                                                          • Opcode ID: c979b8b86c45dc73f1d27a49a0335bb6e6e10029214f551616b75f4b11e9c216
                                                                                                                                                                                                                          • Instruction ID: 7ab8633536543f7d6b00309207e95aa9b22870a72bdad73e2e67cbb57791574f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c979b8b86c45dc73f1d27a49a0335bb6e6e10029214f551616b75f4b11e9c216
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E018030200205AAEE241A26DC09F6BBFA5BFD1B28F18453BF512D56E0DB68DC62D65C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                                                                          • String ID: hK$hK$hK$hK
                                                                                                                                                                                                                          • API String ID: 3519838083-2217674060
                                                                                                                                                                                                                          • Opcode ID: 79504453efb1c4634facd7ff2425d6851b3dabbfdc64a5c61c6e10db041a4f3e
                                                                                                                                                                                                                          • Instruction ID: b57a664d84a8173f200f46419e5284df35e6b9f59f9b25d84aa4237e460f63e5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79504453efb1c4634facd7ff2425d6851b3dabbfdc64a5c61c6e10db041a4f3e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B017171A006148BCF34AF58C3447AE7BA4EF46714F1641BF94959BBE1C7B8AC40CA8D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3191790225.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192171512.00000000004A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192270570.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192270570.00000000004CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192270570.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192270570.00000000004F9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192587179.00000000004FE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192637621.0000000000508000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192734071.000000000050E000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192872231.000000000055D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192915107.0000000000560000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192967719.0000000000564000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3193006640.0000000000565000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3193078221.0000000000579000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Client$Copy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 472922470-0
                                                                                                                                                                                                                          • Opcode ID: dd1b39bc256b02288dc7ec23ee782160844ce5bb7b93b2e7e67eb61db15b9e99
                                                                                                                                                                                                                          • Instruction ID: 9fe39665c06b746c8983a986ec7d20cad30860b32537bc12dae3217f9e8ba849
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dd1b39bc256b02288dc7ec23ee782160844ce5bb7b93b2e7e67eb61db15b9e99
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5581A1712043419FC724DF69C481B6FB7F5BBC474AF00491EF59A87282DB789D098BA6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 004799F5
                                                                                                                                                                                                                            • Part of subcall function 00496595: GetWindowTextLengthA.USER32(?), ref: 004965A2
                                                                                                                                                                                                                            • Part of subcall function 00496595: GetWindowTextA.USER32(?,00000000,00000000), ref: 004965BA
                                                                                                                                                                                                                          • GetCurrentObject.GDI32(?,00000006), ref: 00479A65
                                                                                                                                                                                                                          • OffsetRect.USER32(?,00000001,00000001), ref: 00479B2C
                                                                                                                                                                                                                            • Part of subcall function 0049417B: InterlockedDecrement.KERNEL32(-000000F4), ref: 0049418F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: RectTextWindow$ClientCurrentDecrementInterlockedLengthObjectOffset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2119403043-0
                                                                                                                                                                                                                          • Opcode ID: f22761a5c48d89f6369a24c364b5e66080cfa87670939a485ded755c4f57f867
                                                                                                                                                                                                                          • Instruction ID: 4fe93102d429800466449a3a1279948c5acd216d2a7108f58f7c3514a910e0a4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f22761a5c48d89f6369a24c364b5e66080cfa87670939a485ded755c4f57f867
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B68116B52083409FC714DF54C8849AABBEABFC9710F104A1EF99A87390D778ED45CB56
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 004A07E5
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?,?,00000000), ref: 004A0810
                                                                                                                                                                                                                            • Part of subcall function 004A0561: VariantChangeType.OLEAUT32(?,?,00000000,00000008), ref: 004A062C
                                                                                                                                                                                                                            • Part of subcall function 004A0561: SysFreeString.OLEAUT32(00000000), ref: 004A0659
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(0000000C), ref: 004A094D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Variant$ChangeClearFreeH_prologStringTypelstrlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2273458292-0
                                                                                                                                                                                                                          • Opcode ID: 83f6bd9a1bcf415a8d3a07f41f65c802499a57fdbd81c3cfbb0c646e692ff7e4
                                                                                                                                                                                                                          • Instruction ID: 1957fb23aa53b512f3f1a76b6e9190315ff8e9b425a5be74cb50ed044c83ce81
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 83f6bd9a1bcf415a8d3a07f41f65c802499a57fdbd81c3cfbb0c646e692ff7e4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6271D57590020AEBDF10DF95D891AAF7BB4FF2A350F14802AF8059B261D738DD81DB99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00442A3C
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00008003,00000000,00000000), ref: 00442A53
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,00000000), ref: 00442AA5
                                                                                                                                                                                                                          • GetClientRect.USER32(?,00000000), ref: 00442AFD
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,00000000), ref: 00442B21
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: RectWindow$ClientMessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1071774122-0
                                                                                                                                                                                                                          • Opcode ID: 95dd2e822e27e7c4744a0d4cdc4a93235e7e5f9f2962157c038a63055ed2dde3
                                                                                                                                                                                                                          • Instruction ID: 415f9b3d1d1852ff733a0be11cf413b64ddc95d12abf0885856f71ef94399996
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95dd2e822e27e7c4744a0d4cdc4a93235e7e5f9f2962157c038a63055ed2dde3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2861E3716043529FD720DF25C980A6FBBE4EF88708F404A1EF98597381DB78E905CB9A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$ClientCreateEmptyFill
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 97219908-0
                                                                                                                                                                                                                          • Opcode ID: e806523dd5eb9c97673d2ffcc69bc4cf8224ad3761acf948fba7cd65d7c6af8c
                                                                                                                                                                                                                          • Instruction ID: 2cd513ce0f29b74fb5b8e5a97b791223ff1ea378f5f65fa344e3c2c9adbae9e8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e806523dd5eb9c97673d2ffcc69bc4cf8224ad3761acf948fba7cd65d7c6af8c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7512AB1204702AFD704DF65C985E6BB7E9FB88714F04892EF55683251E738F814CBA6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetStartupInfoA.KERNEL32(?), ref: 00487D48
                                                                                                                                                                                                                          • GetFileType.KERNEL32 ref: 00487DF3
                                                                                                                                                                                                                          • GetStdHandle.KERNEL32(-000000F6), ref: 00487E56
                                                                                                                                                                                                                          • GetFileType.KERNEL32(00000000), ref: 00487E64
                                                                                                                                                                                                                          • SetHandleCount.KERNEL32 ref: 00487E9B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileHandleType$CountInfoStartup
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1710529072-0
                                                                                                                                                                                                                          • Opcode ID: 7a6ccfb208cd9335d220676002de9bea85f337cf6350dd23e4628f62f87741d2
                                                                                                                                                                                                                          • Instruction ID: 804ca7bbeff7da515a0483a1b67b384aaa5f3e9fe117059addb4604d385b6524
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a6ccfb208cd9335d220676002de9bea85f337cf6350dd23e4628f62f87741d2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92513D315086058FD720EB28D86477E7BE0EF12368F398AAED562872E1D738DC05D749
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001009,00000000,00000000), ref: 00478C66
                                                                                                                                                                                                                          • ImageList_GetImageCount.COMCTL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,0047752E), ref: 00478CEC
                                                                                                                                                                                                                          • ImageList_GetImageCount.COMCTL32(?), ref: 00478D12
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001006,00000000,?), ref: 00478D57
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001007,00000000,00000007), ref: 00478D9A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Image$MessageSend$CountList_
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 102003083-0
                                                                                                                                                                                                                          • Opcode ID: e1d72bd9c292e2c3276e215e46bc735796ed8209cb4a41ffd7fb27c05138a8b7
                                                                                                                                                                                                                          • Instruction ID: 59ed528c03736bc59be99f082ec220c529aff76d8629cdd4e2648e388ffe9fa2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e1d72bd9c292e2c3276e215e46bc735796ed8209cb4a41ffd7fb27c05138a8b7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C641AF719053418FC724CF29C84469BBBE5FF89714F044A2EF898D7381DB78D9018BAA
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 0047BB3C
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000138,?,?), ref: 0047BBD6
                                                                                                                                                                                                                          • GetBkColor.GDI32(?), ref: 0047BBDF
                                                                                                                                                                                                                          • GetTextColor.GDI32(?), ref: 0047BBEB
                                                                                                                                                                                                                          • GetThreadLocale.KERNEL32(0000F1C0), ref: 0047BC7A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Color$H_prologLocaleMessageSendTextThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 741590120-0
                                                                                                                                                                                                                          • Opcode ID: e4208e50fa9aea4b54520a06e7700f3833fa0e0196522941d9770b6231e84219
                                                                                                                                                                                                                          • Instruction ID: bb9e03fc8e7110021d82b5226d5088192284b46759ac94ff8201e902bb58ec6c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4208e50fa9aea4b54520a06e7700f3833fa0e0196522941d9770b6231e84219
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EC514E71800705DFCB21DF65C8446DAB7F0FF05314B21C91EE86A9B6A0EB78A941CB99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00440BA0
                                                                                                                                                                                                                          • WinHelpA.USER32(?,00000000,00000002,00000000), ref: 00440BBB
                                                                                                                                                                                                                          • GetMenu.USER32(?), ref: 00440BCB
                                                                                                                                                                                                                          • SetMenu.USER32(?,00000000), ref: 00440BD8
                                                                                                                                                                                                                          • DestroyMenu.USER32(00000000), ref: 00440BE3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Menu$DestroyHelpWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 427501538-0
                                                                                                                                                                                                                          • Opcode ID: 742056d1a04df481e186a4a611b40f2007a8fb9a61fa444bd37fb01539880af6
                                                                                                                                                                                                                          • Instruction ID: 72f07f1a20007ff203e42fabe4ad8377c817712873553fa41da689e47e55c3bb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 742056d1a04df481e186a4a611b40f2007a8fb9a61fa444bd37fb01539880af6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0F312871900249AFD3149FA6DC45E6BBBACFF45748F05491EF60553340DB39B8108BAE
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • midiStreamStop.WINMM(?,00000000,-000001B1,00000000,0044BF2A,00000000,004DBB40,00442F26,004DBB40,?,0043DC7F,004DBB40,0043BC43,00000001,00000000,000000FF), ref: 0044C3F5
                                                                                                                                                                                                                          • midiOutReset.WINMM(?,?,0043DC7F,004DBB40,0043BC43,00000001,00000000,000000FF,?,00443441,?,?,0043B2F5), ref: 0044C413
                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000007D0,?,0043DC7F,004DBB40,0043BC43,00000001,00000000,000000FF,?,00443441,?,?,0043B2F5), ref: 0044C436
                                                                                                                                                                                                                          • midiStreamClose.WINMM(?,?,0043DC7F,004DBB40,0043BC43,00000001,00000000,000000FF,?,00443441,?,?,0043B2F5), ref: 0044C473
                                                                                                                                                                                                                          • midiStreamClose.WINMM(?,?,0043DC7F,004DBB40,0043BC43,00000001,00000000,000000FF,?,00443441,?,?,0043B2F5), ref: 0044C4A7
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: midi$Stream$Close$ObjectResetSingleStopWait
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3142198506-0
                                                                                                                                                                                                                          • Opcode ID: 825f0a6b5ef27a65a2d8a8ba56798936d377f9168bf482f08183e8f4d5280728
                                                                                                                                                                                                                          • Instruction ID: fa203d1c1954b06e91b90e9334344cff764df60792a679215be00325075efe3b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 825f0a6b5ef27a65a2d8a8ba56798936d377f9168bf482f08183e8f4d5280728
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 323181767017108BEB70DFA9D9D452BB7E5FB94305718893FE282C7A00C778E8458B98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 0043CE00
                                                                                                                                                                                                                          • GetMenu.USER32(?), ref: 0043CE0F
                                                                                                                                                                                                                          • DestroyAcceleratorTable.USER32(?), ref: 0043CE5C
                                                                                                                                                                                                                          • SetMenu.USER32(?,00000000), ref: 0043CE71
                                                                                                                                                                                                                          • DestroyMenu.USER32(?,?,?,00439254,?), ref: 0043CE81
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Menu$Destroy$AcceleratorTableWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1240299919-0
                                                                                                                                                                                                                          • Opcode ID: d533049b3a5780389831e6c0fba8ac17e56d5d69553319bbad1ca12d5e4bf58c
                                                                                                                                                                                                                          • Instruction ID: 36b40c700467bb807b4bc8392a59241ee56a3f06d8f599ee916909f249bf1748
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d533049b3a5780389831e6c0fba8ac17e56d5d69553319bbad1ca12d5e4bf58c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3331D6B16003026FC620EF75DC85DAB77A9EF85718F07852DF90597241EA38E806CBA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsChild.USER32(?,?), ref: 0044280C
                                                                                                                                                                                                                            • Part of subcall function 004376E0: IsChild.USER32(?,?), ref: 0043775D
                                                                                                                                                                                                                            • Part of subcall function 004376E0: GetParent.USER32(?), ref: 00437777
                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00442824
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 00442833
                                                                                                                                                                                                                          • PtInRect.USER32(?,?,?), ref: 00442854
                                                                                                                                                                                                                          • SetCursor.USER32(?,?,00000000,?,?,?,?,00442480), ref: 004428D2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ChildCursorRect$ClientParent
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1110532797-0
                                                                                                                                                                                                                          • Opcode ID: 09ea6a2985657116545076e25bda4d3b0cf33206156dd603b046293c65ffc224
                                                                                                                                                                                                                          • Instruction ID: f4787d51e758b27275e011bc06a23a625495d4fe17315cede56d60024a0bd230
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09ea6a2985657116545076e25bda4d3b0cf33206156dd603b046293c65ffc224
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CA21E671600201ABE720EF25CC45F5F77E9AF88754F454A2EF845E3280EA78E80586A9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 00491CF2
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00491D2F
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000464,00000104,00000000), ref: 00491D57
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00491D80
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000465,00000104,00000000), ref: 00491D9D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageParentSend$H_prolog
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1056721960-0
                                                                                                                                                                                                                          • Opcode ID: 80fae21ddbf6c5e499fd801d3cd67dc827dd3f90d140e62820777a8b875fac9d
                                                                                                                                                                                                                          • Instruction ID: 7c8dde7c0805d7d36ced7a0b618dfc5a4e7836bfb78fad370918703e0a895019
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80fae21ddbf6c5e499fd801d3cd67dc827dd3f90d140e62820777a8b875fac9d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30314070500616ABCF04EBA5CC56EAEBB74FF55328F10463AE521671E1DB38AE06CB58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049AD24: __EH_prolog.LIBCMT ref: 0049AD29
                                                                                                                                                                                                                            • Part of subcall function 0049AD24: GetWindowDC.USER32(?,?,?,0042DEC1), ref: 0049AD52
                                                                                                                                                                                                                          • GetClientRect.USER32 ref: 0042DED2
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0042DEE1
                                                                                                                                                                                                                            • Part of subcall function 0049AADE: ScreenToClient.USER32(?,?), ref: 0049AAF2
                                                                                                                                                                                                                            • Part of subcall function 0049AADE: ScreenToClient.USER32(?,?), ref: 0049AAFB
                                                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 0042DF0C
                                                                                                                                                                                                                            • Part of subcall function 0049AA1B: ExcludeClipRect.GDI32(?,?,?,?,?,75A4A5C0,?,?,0042DF1C,?), ref: 0049AA40
                                                                                                                                                                                                                            • Part of subcall function 0049AA1B: ExcludeClipRect.GDI32(?,?,?,?,?,75A4A5C0,?,?,0042DF1C,?), ref: 0049AA55
                                                                                                                                                                                                                          • OffsetRect.USER32(?,?,?), ref: 0042DF2F
                                                                                                                                                                                                                          • FillRect.USER32(?,?,?), ref: 0042DF4A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$Client$ClipExcludeOffsetScreenWindow$FillH_prolog
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2829754061-0
                                                                                                                                                                                                                          • Opcode ID: 6568a85ad6524b033a74358acf76c76aa3e8be67a82b8dbbb3cc08d0cb75f2ca
                                                                                                                                                                                                                          • Instruction ID: ba93f5679d1917c1a50e201b3f64d5db1cda0473420b78c2ae29b0aebf457a4e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6568a85ad6524b033a74358acf76c76aa3e8be67a82b8dbbb3cc08d0cb75f2ca
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 683150B5208702AFD714DF24D845EABBBE9FBC9714F008A1DF49687290DB38E905CB56
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049846F: GetWindowLongA.USER32(?,000000F0), ref: 0049847B
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00479544
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0047955D
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,?,00000001,?,?), ref: 004795AC
                                                                                                                                                                                                                          • UpdateWindow.USER32(?), ref: 004795B2
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000000), ref: 004795D1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect$InvalidateWindow$ClientLongParentUpdate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 529115757-0
                                                                                                                                                                                                                          • Opcode ID: 216d9d577008a02cb7876ac15bd9acad37b1f07bec19dc60e0c5cfe0fea4c9e2
                                                                                                                                                                                                                          • Instruction ID: e3afa65dd693c18eb269195630ab3b220c0ba65ea7d1e6e3b9f159fc03da4746
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 216d9d577008a02cb7876ac15bd9acad37b1f07bec19dc60e0c5cfe0fea4c9e2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 67213E75604301AFCB14DF25C885A5BB7B9EFC8314F14892EF95997340D638E80A8B69
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetMapMode.GDI32(?,?,?,?,?,?,0047D28E,?,00000000,?,?), ref: 0049CF6F
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,00000058), ref: 0049CFA9
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,0000005A), ref: 0049CFB2
                                                                                                                                                                                                                            • Part of subcall function 0049AC07: GetWindowExtEx.GDI32(?,?,00000000,?,?,00000000,?,?), ref: 0049AC18
                                                                                                                                                                                                                            • Part of subcall function 0049AC07: GetViewportExtEx.GDI32(?,?), ref: 0049AC25
                                                                                                                                                                                                                            • Part of subcall function 0049AC07: MulDiv.KERNEL32(?,00000000,00000000), ref: 0049AC4A
                                                                                                                                                                                                                            • Part of subcall function 0049AC07: MulDiv.KERNEL32(?,00000000,00000000), ref: 0049AC65
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,000009EC,00000060), ref: 0049CFD6
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,000009EC,?), ref: 0049CFE1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CapsDevice$ModeViewportWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2598972148-0
                                                                                                                                                                                                                          • Opcode ID: 6eb9a3d6c6bf1e77c29405792ae83dcd22a573eea978c76078fae5e906495b00
                                                                                                                                                                                                                          • Instruction ID: e582160c4f5d19bce01473f8b2f636daae97243e6253c52d366c5c4af72aaa7b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6eb9a3d6c6bf1e77c29405792ae83dcd22a573eea978c76078fae5e906495b00
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2A11CE72200604AFDB21AF15CC84C2EBFAAEF89750B16443AF945973A1C771AC02DF99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetMapMode.GDI32(?,00000000,?,?,?,?,0047D2C2,?), ref: 0049CFFD
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,00000058), ref: 0049D037
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(?,0000005A), ref: 0049D040
                                                                                                                                                                                                                            • Part of subcall function 0049AB9E: GetWindowExtEx.GDI32(?,0047D2C2,00000000,?,?,?,0047D2C2,?), ref: 0049ABAF
                                                                                                                                                                                                                            • Part of subcall function 0049AB9E: GetViewportExtEx.GDI32(?,?,?,0047D2C2,?), ref: 0049ABBC
                                                                                                                                                                                                                            • Part of subcall function 0049AB9E: MulDiv.KERNEL32(0047D2C2,00000000,00000000), ref: 0049ABE1
                                                                                                                                                                                                                            • Part of subcall function 0049AB9E: MulDiv.KERNEL32(46892C46,00000000,00000000), ref: 0049ABFC
                                                                                                                                                                                                                          • MulDiv.KERNEL32(0047D2C2,00000060,000009EC), ref: 0049D064
                                                                                                                                                                                                                          • MulDiv.KERNEL32(46892C46,?,000009EC), ref: 0049D06F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CapsDevice$ModeViewportWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2598972148-0
                                                                                                                                                                                                                          • Opcode ID: 80f6e550ef1fcd592c52f65b8ff231d48c988b27c2df7d74f628f7458572d5ff
                                                                                                                                                                                                                          • Instruction ID: 305b18ab9f982547a03e98a55c293febcb774dc9f99326b6989ef8618979486c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80f6e550ef1fcd592c52f65b8ff231d48c988b27c2df7d74f628f7458572d5ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B11CE72A01600AFDB219F15CC44C2EBFAAEF89714B15442AFA4197361C776EC42CF98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004926F5: SendMessageA.USER32(?,0000110C,00000000,00000040), ref: 00492716
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110A,00000004,?), ref: 004324A5
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110A,00000004,00000000), ref: 004324C5
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001101,00000000,00000000), ref: 004324D7
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110A,00000004,00000000), ref: 004324E5
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00001101,00000000,00000000), ref: 004324F7
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: f4c7fe97a7cb10b4152e24ad20870f39d26abdc002614de07d3768f5a8148a74
                                                                                                                                                                                                                          • Instruction ID: 0b81c1e7f465de37c11db3a7e9c00d904b4706c787fac18b0327cc26a7204783
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f4c7fe97a7cb10b4152e24ad20870f39d26abdc002614de07d3768f5a8148a74
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 50016CB17407053AF534DA694DC1F67A29DAFDCB55F05451AF701D71C0CAE4EC064634
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 0049676F
                                                                                                                                                                                                                          • GetClassInfoA.USER32(?,?,?), ref: 0049678A
                                                                                                                                                                                                                          • RegisterClassA.USER32(00000000), ref: 00496795
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(00000034,?,00000001), ref: 004967CC
                                                                                                                                                                                                                          • lstrcatA.KERNEL32(00000034,?), ref: 004967DA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Classlstrcat$H_prologInfoRegister
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 106226465-0
                                                                                                                                                                                                                          • Opcode ID: 8a4fb0dbbbb3e8914a10eedb9de6dc4d2c168f85905261a2b179f2dd3d7b3027
                                                                                                                                                                                                                          • Instruction ID: da07893cebe2ac9f1eadf56f65a9247be07b369c7f0834437d7c99c66740b2c5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a4fb0dbbbb3e8914a10eedb9de6dc4d2c168f85905261a2b179f2dd3d7b3027
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E112576900204BFCF10AFA69C04BAEBFB8AF05304F00446BF801A7291C3B99604CB68
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0047A86D
                                                                                                                                                                                                                          • SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 0047A875
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0047A87D
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000001), ref: 0047A8A3
                                                                                                                                                                                                                          • SysAllocString.OLEAUT32 ref: 0047A8AA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocByteStringlstrlen$CharMultiWide
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1909028937-0
                                                                                                                                                                                                                          • Opcode ID: 02ccbca2ec1e2aebcf3526a6858017e5f6d1c0268c1eb18b5e0606d186f9c26a
                                                                                                                                                                                                                          • Instruction ID: 8aa6d48765f3badfcb76d4cb024656c11ec337ca2a2815646646f53bebc3f7a3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 02ccbca2ec1e2aebcf3526a6858017e5f6d1c0268c1eb18b5e0606d186f9c26a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C401DF72500214ABDB106BA2DC44AEFBBACFF86365716802AFC15C2210D779891987AA
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000001,?,00486D0A,0048EA52,00000000,0048E9D8,?,?,00000001,00000800,004DBB41,?,?,0048D564,?,00000000), ref: 00487F0F
                                                                                                                                                                                                                          • TlsGetValue.KERNEL32(?,0048D564,?,00000000,?,0048CF94,00000000,00000000,00000000), ref: 00487F1D
                                                                                                                                                                                                                          • SetLastError.KERNEL32(00000000,?,0048D564,?,00000000,?,0048CF94,00000000,00000000,00000000), ref: 00487F69
                                                                                                                                                                                                                            • Part of subcall function 0048D60B: HeapAlloc.KERNEL32(00000008,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0048D701
                                                                                                                                                                                                                          • TlsSetValue.KERNEL32(00000000,?,0048D564,?,00000000,?,0048CF94,00000000,00000000,00000000), ref: 00487F41
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 00487F52
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2020098873-0
                                                                                                                                                                                                                          • Opcode ID: ab0062158083fdb742e69add3bd433f0ab569b779b2160e5b1956544caecd155
                                                                                                                                                                                                                          • Instruction ID: 6bb9b5a492e064f0e63d29024273ad00c28438a59f6ba54605c4c41517946cf9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ab0062158083fdb742e69add3bd433f0ab569b779b2160e5b1956544caecd155
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BAF0F6326496116BCA303B35BC59F1E3F509F0A7717290A3AFA55992E0DB28C8018B98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • TlsFree.KERNEL32(00000000,?,?,0049E30E,00000000,00000001), ref: 0049DE0D
                                                                                                                                                                                                                          • GlobalHandle.KERNEL32(008A10D0), ref: 0049DE35
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,0049E30E,00000000,00000001), ref: 0049DE3E
                                                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0049DE45
                                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(004FB4F0,?,?,0049E30E,00000000,00000001), ref: 0049DE4F
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$Free$CriticalDeleteHandleSectionUnlock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2159622880-0
                                                                                                                                                                                                                          • Opcode ID: 594fc57f10e6400ae663dbb1364461b5b0b063853c83f8662d3ae254b9b798f4
                                                                                                                                                                                                                          • Instruction ID: 74aebadd751aa3e607aad1dc94cb28e411ce5654341c3253129a0fcab2925885
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 594fc57f10e6400ae663dbb1364461b5b0b063853c83f8662d3ae254b9b798f4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E4F054327005105BDE219F39AC08A6B7EEDAF9671071A456AF915D7291CB64DC024768
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DestroyCursor.USER32(?), ref: 00430F01
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F7,00000001,?), ref: 00430FA3
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000F7,00000000,?), ref: 00430FD5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$CursorDestroy
                                                                                                                                                                                                                          • String ID: BUTTON
                                                                                                                                                                                                                          • API String ID: 1839592766-3405671355
                                                                                                                                                                                                                          • Opcode ID: 67d1b62946c93602ba56110030904dfdcbc4b6bceca0754b91bbf3f12dd5f2cf
                                                                                                                                                                                                                          • Instruction ID: 5868cfe4175ee455d8af621ff9f004c7cf731c8edc85e28026da949a732cf7f8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 67d1b62946c93602ba56110030904dfdcbc4b6bceca0754b91bbf3f12dd5f2cf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2619BB57047049FD624DF25C891B6BB7E8FB88700F548A2EF58683780CB39E844CB5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClearH_prologVariant
                                                                                                                                                                                                                          • String ID: <(K$@
                                                                                                                                                                                                                          • API String ID: 1166855276-1015998300
                                                                                                                                                                                                                          • Opcode ID: d689b8b5f1452c9ed819f13f50e1040b8ae45631934ac8ff85da89875fc28039
                                                                                                                                                                                                                          • Instruction ID: 94bc8820e7ea4c563cc4521baa1aba1d63e9f5be49b09911910b6a62692642cb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d689b8b5f1452c9ed819f13f50e1040b8ae45631934ac8ff85da89875fc28039
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9851A474E002099FDB04CFA9C988AEEB7F9FF48304F14856AE51AE7251E774A905CF60
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GlobalLock.KERNEL32 ref: 0049A080
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 0049A0D3
                                                                                                                                                                                                                          • GlobalUnlock.KERNEL32(?), ref: 0049A16A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Global$ByteCharLockMultiUnlockWide
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 231414890-2766056989
                                                                                                                                                                                                                          • Opcode ID: afd239b9079d32a6dc9f85c50e21f9863779d70c5ccce2b6d3db3e90feca3c35
                                                                                                                                                                                                                          • Instruction ID: 5268b7d6b916c0ba725dcfaabd34a44efafb9f6c448f820f5fb52c2f756c4cf7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: afd239b9079d32a6dc9f85c50e21f9863779d70c5ccce2b6d3db3e90feca3c35
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8410672800215EFCF10DF98C8859AEBFB8FF40354F14817AE8159B254D7399A56CB99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetMenuCheckMarkDimensions.USER32 ref: 0049E71F
                                                                                                                                                                                                                          • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 0049E7CE
                                                                                                                                                                                                                          • LoadBitmapA.USER32(00000000,00007FE3), ref: 0049E7E6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2596413745-3916222277
                                                                                                                                                                                                                          • Opcode ID: 1ab8057fdc04ecade4e8dc18c99faf456c0bc54a9e7fa17626d0934b5ae298bb
                                                                                                                                                                                                                          • Instruction ID: bb746fbcfac3c0692dce3646bec03a43b74d10bfa3386712b9ef3919b1fc801d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ab8057fdc04ecade4e8dc18c99faf456c0bc54a9e7fa17626d0934b5ae298bb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3210371E00215AFEF10CFB9DC85BAE7BB8EB44700F0541B6E905EB282DB349A048B95
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00491AB0: __EH_prolog.LIBCMT ref: 00491AB5
                                                                                                                                                                                                                            • Part of subcall function 00491AB0: lstrcpynA.KERNEL32(0043B24D,00000104,00000104,0049E22F,004FB4FC), ref: 00491BA2
                                                                                                                                                                                                                            • Part of subcall function 00491C12: lstrlenA.KERNEL32(?,?,?,0000000C,?,?,00447269,?,-00000001,00000000,?,?,?,004C8B88), ref: 00491C1C
                                                                                                                                                                                                                            • Part of subcall function 00491C12: GetFocus.USER32 ref: 00491C37
                                                                                                                                                                                                                            • Part of subcall function 00491C12: IsWindowEnabled.USER32(?), ref: 00491C60
                                                                                                                                                                                                                            • Part of subcall function 00491C12: EnableWindow.USER32(?,00000000), ref: 00491C72
                                                                                                                                                                                                                            • Part of subcall function 00491C12: GetOpenFileNameA.COMDLG32(?,?), ref: 00491C9D
                                                                                                                                                                                                                            • Part of subcall function 00491C12: EnableWindow.USER32(?,00000001), ref: 00491CBB
                                                                                                                                                                                                                            • Part of subcall function 00491C12: IsWindow.USER32(?), ref: 00491CC1
                                                                                                                                                                                                                            • Part of subcall function 00491C12: SetFocus.USER32(?), ref: 00491CCF
                                                                                                                                                                                                                            • Part of subcall function 00491CED: __EH_prolog.LIBCMT ref: 00491CF2
                                                                                                                                                                                                                            • Part of subcall function 00491CED: GetParent.USER32(?), ref: 00491D2F
                                                                                                                                                                                                                            • Part of subcall function 00491CED: SendMessageA.USER32(?,00000464,00000104,00000000), ref: 00491D57
                                                                                                                                                                                                                            • Part of subcall function 00491CED: GetParent.USER32(?), ref: 00491D80
                                                                                                                                                                                                                            • Part of subcall function 00491CED: SendMessageA.USER32(?,00000465,00000104,00000000), ref: 00491D9D
                                                                                                                                                                                                                            • Part of subcall function 00498505: SetWindowTextA.USER32(?,004459AA), ref: 00498513
                                                                                                                                                                                                                            • Part of subcall function 0049417B: InterlockedDecrement.KERNEL32(-000000F4), ref: 0049418F
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 004613AD
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004613BC
                                                                                                                                                                                                                            • Part of subcall function 0049866F: SetFocus.USER32(?,0049C8D5), ref: 00498679
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$MessageSend$Focus$EnableH_prologParent$DecrementEnabledFileInterlockedNameOpenTextlstrcpynlstrlen
                                                                                                                                                                                                                          • String ID: out.prn$prn
                                                                                                                                                                                                                          • API String ID: 4074345921-3109735852
                                                                                                                                                                                                                          • Opcode ID: 786a745146ab3c7d82ba917ca808348c7309fb5e30e4730bc28b766c27a11683
                                                                                                                                                                                                                          • Instruction ID: de3a4f55c5bbf1580e352cf1b507ea3c4c78d6a661e13da62942d76c09912d83
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 786a745146ab3c7d82ba917ca808348c7309fb5e30e4730bc28b766c27a11683
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A921A475144380ABD770EB14C88AF9BBBA4ABD4B14F104B1EF4A9572D1CBB85444C75A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetClassInfoA.USER32(?,WTWindow,?), ref: 0043E638
                                                                                                                                                                                                                          • LoadCursorA.USER32(00000000,00007F00), ref: 0043E649
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000005), ref: 0043E653
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClassCursorInfoLoadObjectStock
                                                                                                                                                                                                                          • String ID: WTWindow
                                                                                                                                                                                                                          • API String ID: 1762135420-3503404378
                                                                                                                                                                                                                          • Opcode ID: 0c31f5b0967281d8cfae216b3a95303004edcaa6137876831956632c23eeba54
                                                                                                                                                                                                                          • Instruction ID: e911e2fd7ed5a32462156f8401bfe2c9297703cf6ba11df7cfebaa65d694abe3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0c31f5b0967281d8cfae216b3a95303004edcaa6137876831956632c23eeba54
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DC11CBB1909300AFC300EF26988091BFFE8FF88714F85183EF98893351D33899458B8A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCursorPos.USER32(?), ref: 00475E79
                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 00475E94
                                                                                                                                                                                                                          • PostMessageA.USER32(?,00000401,00000000,00000000), ref: 00475ED9
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClientCursorMessagePostScreen
                                                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                                                          • API String ID: 4019823077-2766056989
                                                                                                                                                                                                                          • Opcode ID: 50f2b6302a80dae7b0563eedb8e080c09f4f89fc18f7ba1a10f4e11b8c1a6ed7
                                                                                                                                                                                                                          • Instruction ID: 6931cb1c6211f9cdd9e5d8aa53c21c967a362a80f73892ccfaa4d06a2b205b77
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 50f2b6302a80dae7b0563eedb8e080c09f4f89fc18f7ba1a10f4e11b8c1a6ed7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84F08670504701BFCA20DB64D945A5B7BECAB84704F00C91DF84AD7244E774ED09C79A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindowLongA.USER32(00000000,000000F0), ref: 0049B776
                                                                                                                                                                                                                          • GetClassNameA.USER32(00000000,?,0000000A), ref: 0049B791
                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(?,combobox), ref: 0049B7A0
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClassLongNameWindowlstrcmpi
                                                                                                                                                                                                                          • String ID: combobox
                                                                                                                                                                                                                          • API String ID: 2054663530-2240613097
                                                                                                                                                                                                                          • Opcode ID: fbfc58109f8e179f3b65755b9cb5a8eb6ce2b28dd3c65ffaef55222214484fa4
                                                                                                                                                                                                                          • Instruction ID: bf1e242dd545b4cf18a543751dd377042885c8d15297c9bcb7fa40dfbe8c91d1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fbfc58109f8e179f3b65755b9cb5a8eb6ce2b28dd3c65ffaef55222214484fa4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F2E06531554109BFCF009FB0EC49E9A3F68E711345F544231B812D51E0D774E546C799
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32,00482B20), ref: 00488409
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00488419
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                                                                                                                                          • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                                                                                                          • API String ID: 1646373207-3105848591
                                                                                                                                                                                                                          • Opcode ID: 4683de36982fd32e8951fad2e4d4699c307b9512dec383992120381576e5eab5
                                                                                                                                                                                                                          • Instruction ID: 09fe43ca9abea5ab4ee59e61eb69a6514d51cf1478c51a357a6c19c0016764b6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4683de36982fd32e8951fad2e4d4699c307b9512dec383992120381576e5eab5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 83C0126178430275DA303F710C0975E2A484B14F03F64082A6409D01D0EF68C200463D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 3cf9fa8f4a1c1fc87873a98753c734d28995b54e97314d05705a93ca3f64d06a
                                                                                                                                                                                                                          • Instruction ID: 1a3767fdf3dfabfaff423e041fb9da5a4691e5abf3bf76f280551656f3eec355
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3cf9fa8f4a1c1fc87873a98753c734d28995b54e97314d05705a93ca3f64d06a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 92911871C01619AECF11BB69DC40AEF7AB8EB85764F240D2BF914B6290D7398D40C7AC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • VirtualFree.KERNEL32(?,00008000,00004000,00000000,00000000,0043B1CC,00000000), ref: 0048BE40
                                                                                                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0048BE9B
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,?), ref: 0048BEAD
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Free$Virtual$Heap
                                                                                                                                                                                                                          • String ID: 'BI
                                                                                                                                                                                                                          • API String ID: 2016334554-252468676
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • midiStreamOpen.WINMM(-00000195,-0000016D,00000001,0044D340,-000001B1,00030000,?,-000001B1,?,00000000), ref: 0044CD4B
                                                                                                                                                                                                                          • midiStreamProperty.WINMM ref: 0044CE32
                                                                                                                                                                                                                          • midiOutPrepareHeader.WINMM(?,?,00000040,00000001,?,?,-000001B1,?,00000000), ref: 0044CF80
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: midi$Stream$HeaderOpenPrepareProperty
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2061886437-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: __EH_prolog.LIBCMT ref: 0049ADDD
                                                                                                                                                                                                                            • Part of subcall function 0049ADD8: BeginPaint.USER32(?,?,?,?,0042EAC9), ref: 0049AE06
                                                                                                                                                                                                                          • GetClientRect.USER32(?,?), ref: 0044B226
                                                                                                                                                                                                                          • PatBlt.GDI32(?,?,?,?,?,00F00021), ref: 0044B27B
                                                                                                                                                                                                                          • __ftol.LIBCMT ref: 0044B352
                                                                                                                                                                                                                          • __ftol.LIBCMT ref: 0044B35F
                                                                                                                                                                                                                            • Part of subcall function 0045C900: GetClientRect.USER32(?,?), ref: 0045C927
                                                                                                                                                                                                                            • Part of subcall function 0045C900: __ftol.LIBCMT ref: 0045C9FE
                                                                                                                                                                                                                            • Part of subcall function 0045C900: __ftol.LIBCMT ref: 0045CA11
                                                                                                                                                                                                                            • Part of subcall function 0049A9D9: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 0049A9FD
                                                                                                                                                                                                                            • Part of subcall function 0049A9D9: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 0049AA13
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Rect__ftol$ClientClipExclude$BeginH_prologPaint
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3882505602-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 0047EFD0
                                                                                                                                                                                                                          • VariantClear.OLEAUT32(?), ref: 0047F082
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?,?,?,00000000), ref: 0047F11F
                                                                                                                                                                                                                          • CoTaskMemFree.OLE32(?,?,?,00000000), ref: 0047F12D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeTask$ClearH_prologVariant
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 82050969-0
                                                                                                                                                                                                                          • Opcode ID: d8ea4c2898e0b046f14fdfcfba0010bc9171d4d232b6e2854595004121ecd08d
                                                                                                                                                                                                                          • Instruction ID: 8867be347ee361a96d687becb049833791c245e2beb2cf5b9b3a792c7fce21a8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d8ea4c2898e0b046f14fdfcfba0010bc9171d4d232b6e2854595004121ecd08d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B612831600641DFCB20DFA5C8848AAB7F6FF49314754887EE54A9B762CB39EC49CB54
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • ReadFile.KERNEL32(000001D0,000001D0,00000000,000001D0,00000000,00000000,00000000,00000000), ref: 0048E6B1
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0048E6BB
                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,?,00000001,000001D0,00000000), ref: 0048E781
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0048E78B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorFileLastRead
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1948546556-0
                                                                                                                                                                                                                          • Opcode ID: c31a051a803cdb322596d9f73607b7e6e2fe43e03aaad27eab7f7fc81bd5bc4d
                                                                                                                                                                                                                          • Instruction ID: 6eb93e58b2b87b2f7a8940400cfce2434ef651859cbe6d5131226d82c4fa3b6f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c31a051a803cdb322596d9f73607b7e6e2fe43e03aaad27eab7f7fc81bd5bc4d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E251E534A04389DFDF21AF5AC884BAE7BB4BF16304F54489BE8519B355D338D942CB1A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 0047F324
                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 0047F337
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0047F34A
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 0047F357
                                                                                                                                                                                                                            • Part of subcall function 00498576: MoveWindow.USER32(?,?,?,00000000,?,?,?,0047F498,?,?,?,?,00000000), ref: 00498592
                                                                                                                                                                                                                            • Part of subcall function 00498606: ShowWindow.USER32(?,?,0047F4A1,00000000,?,?,?,?,00000000), ref: 00498614
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Rect$DesktopMoveShowVisible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3835705305-0
                                                                                                                                                                                                                          • Opcode ID: 0e382617c5c29ea7b01fc68d4fb69f47fff1a28c0bba7453c75470c74bea1556
                                                                                                                                                                                                                          • Instruction ID: c6ffec0936aba76c5b1b86de711deb28149458cba6b236f993bdb6e0f5fcbcd3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e382617c5c29ea7b01fc68d4fb69f47fff1a28c0bba7453c75470c74bea1556
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 23510AB1A00209AFCB00DFA9C985DEEBBB9FF89305B144469F505EB250DB75AD05CB64
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: da03e55ee85eb320ac166a6fb6a53ccbce35f5fbc008f30de403323ed7ec4c2a
                                                                                                                                                                                                                          • Instruction ID: 94ab37b5b28b4abc403762ff9e0bf0784b4db0d163ec978fd1f7e0d644b41b6a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da03e55ee85eb320ac166a6fb6a53ccbce35f5fbc008f30de403323ed7ec4c2a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 605178B11483009FD720EF66C885C6BFBE8EAD5314F148A2EF59183251D779E918CBA7
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DeleteObject$Release
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2600533906-0
                                                                                                                                                                                                                          • Opcode ID: bc466ea159585edfb59b5b98fcd9a76ac9821202a8823ba03da4bb0849ae7ef6
                                                                                                                                                                                                                          • Instruction ID: 4566faffba45bdb24984a7323e7f100a7d54552100f68768b3eca6e19d7736cb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bc466ea159585edfb59b5b98fcd9a76ac9821202a8823ba03da4bb0849ae7ef6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2515CB1A002049FDF24DF68C48079A7BA5BF55301F0885BAED49CF34BE7359949CB65
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000102B,?,?), ref: 004758BE
                                                                                                                                                                                                                            • Part of subcall function 0049247F: SendMessageA.USER32(?,0000102E,?,?), ref: 004924A0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3850602802-0
                                                                                                                                                                                                                          • Opcode ID: 80b2de0f9d1a27def005f9293b4173edffd329c5635832ae704dbe6094f7a394
                                                                                                                                                                                                                          • Instruction ID: 354e2c4417554479b9813d786a70e055e07422bdbfe534b8743de7e6e5183f86
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 80b2de0f9d1a27def005f9293b4173edffd329c5635832ae704dbe6094f7a394
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3251C5716007019BD724DF16DC41BABB7E4FBC8760F45892EF949DB280D2B8E9058B9A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 004393C4
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00439414
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00439434
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000013), ref: 004394AF
                                                                                                                                                                                                                            • Part of subcall function 00498606: ShowWindow.USER32(?,?,0047F4A1,00000000,?,?,?,?,00000000), ref: 00498614
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$ParentShow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2052805569-0
                                                                                                                                                                                                                          • Opcode ID: b8e232aab234976ffc4715d170dd7221aa9478c3c7466bce1ea00a2a9549a722
                                                                                                                                                                                                                          • Instruction ID: 4614bf75122210b064f89725b8022e47c902fa8754f8214284ec76b7e34819b1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b8e232aab234976ffc4715d170dd7221aa9478c3c7466bce1ea00a2a9549a722
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B841B4726043016BC720DE65DC81FAB73A8AF58714F05452EFD489B381D7B8EC06CBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049862D: IsWindowEnabled.USER32(?), ref: 00498637
                                                                                                                                                                                                                          • IsWindowVisible.USER32(?), ref: 0042D8EA
                                                                                                                                                                                                                            • Part of subcall function 00496595: GetWindowTextLengthA.USER32(?), ref: 004965A2
                                                                                                                                                                                                                            • Part of subcall function 00496595: GetWindowTextA.USER32(?,00000000,00000000), ref: 004965BA
                                                                                                                                                                                                                            • Part of subcall function 00492834: SendMessageA.USER32(?,00000466,00000000,00000000), ref: 00492840
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 0042D984
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000B1,00000000,000000FF), ref: 0042D9B0
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 0042D9BF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$MessageSend$Text$EnabledLengthVisiblewsprintf
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1914814478-0
                                                                                                                                                                                                                          • Opcode ID: f27acc655ca3a5050ebddb903154574db99d8414c185a809e7833f7fbdbc9b86
                                                                                                                                                                                                                          • Instruction ID: a6b80bd5a35d029e77132260b538706df51f37ccfd678897b786ce2c9901b0a4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f27acc655ca3a5050ebddb903154574db99d8414c185a809e7833f7fbdbc9b86
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C5167B1608741AFD724DF18D981B5BB7F5BB88710F50891EF59A8B780CB78E801CB96
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,?,00000000,00000000,00000001,?,?), ref: 0048EB2C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileWrite
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3934441357-0
                                                                                                                                                                                                                          • Opcode ID: ef58a937c42e40004a9446f877379accd1a844c6c8478b09530e7d5e00d061f6
                                                                                                                                                                                                                          • Instruction ID: fef9d74f5294bfae0959f0d0a2afbe4011d15e202785244261189256e8e736b9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef58a937c42e40004a9446f877379accd1a844c6c8478b09530e7d5e00d061f6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3551B631A00108EFCB11EF6AC884A9D7BF1FF85344F1589A6E9169B251D734EA41CB55
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e7c788f1564a3711d2777653932898eaf6a4a1e7fcf247a202180adfc854d41a
                                                                                                                                                                                                                          • Instruction ID: cc87cea01a69f5ee47f18c93b96076dec7d2ce1e5c02996c2b5875ecb9e69e03
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e7c788f1564a3711d2777653932898eaf6a4a1e7fcf247a202180adfc854d41a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7E3180723146019FE720DF68EC51B6B73E5EB88710F014D2EF542DB281E669E8418BA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • InternetCanonicalizeUrlA.WININET(00000801,?,00000101,?), ref: 0049D25A
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0049D260
                                                                                                                                                                                                                          • InternetCanonicalizeUrlA.WININET(00000801,00000000,00000824,?), ref: 0049D286
                                                                                                                                                                                                                          • InternetCrackUrlA.WININET(?,00000000,?,-00000009), ref: 0049D2AC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3191790225.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192171512.00000000004A6000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192270570.00000000004C0000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192270570.00000000004CF000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192270570.00000000004DB000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192270570.00000000004F9000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192587179.00000000004FE000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192637621.0000000000508000.00000020.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192734071.000000000050E000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192872231.000000000055D000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192915107.0000000000560000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3192967719.0000000000564000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3193006640.0000000000565000.00000080.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          • Associated: 00000001.00000002.3193078221.0000000000579000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Internet$Canonicalize$CrackErrorLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2691905175-0
                                                                                                                                                                                                                          • Opcode ID: 09ffce501d4c66e13ae2a4558dbe1dab2397b799a434cc044e314044ca26d2da
                                                                                                                                                                                                                          • Instruction ID: a299cc3b7a744fbe5bac91697f04c7e1136b9971ba25fe06946058a8740b3a28
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 09ffce501d4c66e13ae2a4558dbe1dab2397b799a434cc044e314044ca26d2da
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 254157B590020A9FDF21DF64D940AAB7FA4FB09391F6044A2EC1197390D779DD81CBAA
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00456B94
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000B1,?,000000FF), ref: 00456BED
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 00456BFC
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000C2,00000000,?), ref: 00456C2A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Window
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2326795674-0
                                                                                                                                                                                                                          • Opcode ID: 2a3bc3b11cbb4e6e9a41f6881f40232f74db78d3b16b96b94a43e392f0f9b243
                                                                                                                                                                                                                          • Instruction ID: 79e6cee4d4a598d969ac3817475886eb721dfa729ff8332e807cb9abcab8877c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a3bc3b11cbb4e6e9a41f6881f40232f74db78d3b16b96b94a43e392f0f9b243
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8A41D6722487419BD321DF59C840B5BB7E4EB95710F448A2EF995873D1C738D409CB9A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID: Accept: */*
                                                                                                                                                                                                                          • API String ID: 0-2827933647
                                                                                                                                                                                                                          • Opcode ID: fc55a7dc20be76df2236ed4287ada7c6a5fc3bf044c710fb25fa0fad30514308
                                                                                                                                                                                                                          • Instruction ID: 2e8fa90f893eff2aa07eef977580e7d26bdc28b76754c13f50eb779a6f4c18f7
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fc55a7dc20be76df2236ed4287ada7c6a5fc3bf044c710fb25fa0fad30514308
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB3181F27012098BCF14DF65D880AE6B798EB50316B14C56FEA4ACB241DBB5D940D7A8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateSolidBrush.GDI32(?), ref: 0046376A
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000030,00000000,00000000), ref: 004637AE
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000B1,?,000000FF), ref: 004637E4
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004637F3
                                                                                                                                                                                                                            • Part of subcall function 00498505: SetWindowTextA.USER32(?,004459AA), ref: 00498513
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$BrushCreateSolidTextWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3501373727-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeString$ClearVariant
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3349467263-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 004765A5
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000419,?,00000000), ref: 004765DC
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000433,?,?), ref: 00476642
                                                                                                                                                                                                                          • ClientToScreen.USER32(?,?), ref: 0047666E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$ClientScreenWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4074774880-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049BEF7: GetParent.USER32(?), ref: 0049BF2A
                                                                                                                                                                                                                            • Part of subcall function 0049BEF7: GetLastActivePopup.USER32(?), ref: 0049BF39
                                                                                                                                                                                                                            • Part of subcall function 0049BEF7: IsWindowEnabled.USER32(?), ref: 0049BF4E
                                                                                                                                                                                                                            • Part of subcall function 0049BEF7: EnableWindow.USER32(?,00000000), ref: 0049BF61
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 0049BDB5
                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,?,00000000), ref: 0049BE23
                                                                                                                                                                                                                          • MessageBoxA.USER32(00000000,?,?,00000000), ref: 0049BE31
                                                                                                                                                                                                                          • EnableWindow.USER32(00000000,00000001), ref: 0049BE4D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$EnableMessage$ActiveEnabledFileLastModuleNameParentPopupSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1958756768-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrcpynA.KERNEL32(00498892,?,00000104,?,?,?,?,?,?,?,00498880,?), ref: 004988C0
                                                                                                                                                                                                                          • GetFileTime.KERNEL32(00000000,00498880,?,?,?,?,?,?,?,?,?,00498880,?), ref: 004988E1
                                                                                                                                                                                                                          • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,00498880,?), ref: 004988F0
                                                                                                                                                                                                                          • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,?,?,00498880,?), ref: 00498911
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: File$AttributesSizeTimelstrcpyn
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1499663573-0
                                                                                                                                                                                                                          • Opcode ID: 30b5831473250eb76787f0292c10e58d9b531a9f9b46526ce08f4608b3889db4
                                                                                                                                                                                                                          • Instruction ID: 0e4edd3a3860ec58a841a787454f7a1ba312803206a19e9861935ed0bff10bdc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 30b5831473250eb76787f0292c10e58d9b531a9f9b46526ce08f4608b3889db4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 763181B2500205AFCB10DF64C885EABBFF8FB15314F10493EE256D7590DB74A985CB95
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetMessagePos.USER32 ref: 004350B8
                                                                                                                                                                                                                          • ScreenToClient.USER32(?,?), ref: 004350DA
                                                                                                                                                                                                                          • ChildWindowFromPointEx.USER32(?,?,?,00000005), ref: 004350F0
                                                                                                                                                                                                                          • GetFocus.USER32 ref: 004350FB
                                                                                                                                                                                                                            • Part of subcall function 0049866F: SetFocus.USER32(?,0049C8D5), ref: 00498679
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Focus$ChildClientFromMessagePointScreenWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3117237277-0
                                                                                                                                                                                                                          • Opcode ID: 1cd28c8d0b3f524d0d62af28c62ee95a72072bfc1be5d10b72396ac3541fa451
                                                                                                                                                                                                                          • Instruction ID: d9ae45b041b5afabd8b820668bc8815017d2bd9a0a38eee9a5c58f62d45f8832
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1cd28c8d0b3f524d0d62af28c62ee95a72072bfc1be5d10b72396ac3541fa451
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2921E9317006026FD624AB24DC42F6F77A9AF84704F15852EF94587282DB38E916C79A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemMetrics.USER32(0000002D), ref: 004648F9
                                                                                                                                                                                                                          • SystemParametersInfoA.USER32 ref: 00464953
                                                                                                                                                                                                                          • CreateFontIndirectA.GDI32(?), ref: 00464961
                                                                                                                                                                                                                          • CreatePalette.GDI32(00000300), ref: 004649B9
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateSystem$FontIndirectInfoMetricsPaletteParameters
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 934993634-0
                                                                                                                                                                                                                          • Opcode ID: a1d70e6538d0a6169ad1d88aa25297e57ff459821e26a753b0f66b4ee70a318f
                                                                                                                                                                                                                          • Instruction ID: d93bbbc6f8e356b1c9b4e89db02d5766645bc9cbdd2a46206675527101960ff9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a1d70e6538d0a6169ad1d88aa25297e57ff459821e26a753b0f66b4ee70a318f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02318CB40047808FD320CF29C888AABFBF5FF85304F44896EE19A8B691D775A448CB51
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • StartPage.GDI32(?), ref: 00435985
                                                                                                                                                                                                                          • EndPage.GDI32(?), ref: 004359AB
                                                                                                                                                                                                                            • Part of subcall function 00443580: wsprintfA.USER32 ref: 0044358F
                                                                                                                                                                                                                            • Part of subcall function 00498505: SetWindowTextA.USER32(?,004459AA), ref: 00498513
                                                                                                                                                                                                                          • UpdateWindow.USER32(?), ref: 004359FA
                                                                                                                                                                                                                          • EndPage.GDI32(?), ref: 00435A12
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Page$Window$StartTextUpdatewsprintf
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 104827578-0
                                                                                                                                                                                                                          • Opcode ID: 7107ad28c7b0bea78b7252b889bc54c13e780d02974a1f3e48dcbd9c60f39735
                                                                                                                                                                                                                          • Instruction ID: 35276802cfe97a730785c3a20e6e9f4798cc32d5f790e00af89a7d73d12de059
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7107ad28c7b0bea78b7252b889bc54c13e780d02974a1f3e48dcbd9c60f39735
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D4218371601F009BC224EF3ADC84A9BB7E9EFC8704F14892EE59F87210E634A4458B58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Parent$RectWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2276825053-0
                                                                                                                                                                                                                          • Opcode ID: aa2d7ffa71e72811b1edddfe67a8bed5dce9a9a57f186bc9af84ca070f91bd52
                                                                                                                                                                                                                          • Instruction ID: 1006ab9d2f702c7ece7e3ca3aa65624bd97e2c388aaad9829761fb133e4f2870
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: aa2d7ffa71e72811b1edddfe67a8bed5dce9a9a57f186bc9af84ca070f91bd52
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E1163B52007059FDB24DF69D885E6B7BA9EB84304F04892DF85583341DA78ED058778
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004796C0: GetTopWindow.USER32(75A51AC0), ref: 004796CD
                                                                                                                                                                                                                            • Part of subcall function 004796C0: IsWindowVisible.USER32(00000000), ref: 004796E2
                                                                                                                                                                                                                            • Part of subcall function 004796C0: GetTopWindow.USER32(00000000), ref: 004796ED
                                                                                                                                                                                                                            • Part of subcall function 004796C0: GetWindow.USER32(00000000,00000002), ref: 00479708
                                                                                                                                                                                                                          • GetWindowRect.USER32(?,?), ref: 00479648
                                                                                                                                                                                                                          • IntersectRect.USER32(?,?,?), ref: 00479655
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 00479660
                                                                                                                                                                                                                            • Part of subcall function 0049AADE: ScreenToClient.USER32(?,?), ref: 0049AAF2
                                                                                                                                                                                                                            • Part of subcall function 0049AADE: ScreenToClient.USER32(?,?), ref: 0049AAFB
                                                                                                                                                                                                                          • RedrawWindow.USER32(?,00000705,00000000,00000705,?,?,?,?,?,75A51AC0,?,?,004A4F08,000000FF,004795C6,?), ref: 00479689
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Rect$ClientScreen$EmptyIntersectRedrawVisible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1303225554-0
                                                                                                                                                                                                                          • Opcode ID: ea91a97ce81b0b89d805a35122d5e1f1f2b88845191480337edf633445928be2
                                                                                                                                                                                                                          • Instruction ID: 67fe35eb63ea2f18877aaa5443b0717b0fef37fe09eadc479ac6a17923ea4d76
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ea91a97ce81b0b89d805a35122d5e1f1f2b88845191480337edf633445928be2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2421D0B2108741ABC700DF54D845EAFB7A8FBC9714F044E1DF14997290E738A908CBAB
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,?,?), ref: 0049001C
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,?,00000000,00000000), ref: 0049002F
                                                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0049007B
                                                                                                                                                                                                                          • CompareStringW.KERNEL32(00468526,00000000,00000000,00000000,?,00000000,?,00000000), ref: 00490093
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharMultiWide$CompareString
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 376665442-0
                                                                                                                                                                                                                          • Opcode ID: 5dbff2935aaa79c75d4d1e9444301eb34a4242fdaf22d86b59a15c12be387c9c
                                                                                                                                                                                                                          • Instruction ID: 2f4d7421976d9a318cc0c0c767c2de3cb3c0a0bb68367161356880fabe428c58
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5dbff2935aaa79c75d4d1e9444301eb34a4242fdaf22d86b59a15c12be387c9c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A7211832900209EFCF218F94DD41ADFBFB6FF49360F15452AFA2562160C3369922DB94
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(00000001,00000030,?,00000001), ref: 0047A22D
                                                                                                                                                                                                                          • SendMessageA.USER32(00000001,00000030,?,00000001), ref: 0047A246
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 0047A251
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 0047A264
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$ObjectStock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1309931672-0
                                                                                                                                                                                                                          • Opcode ID: 4dc6ffbd53d2571f276636e82404702e4db613dfe139a846a87057a9ecb77172
                                                                                                                                                                                                                          • Instruction ID: ae0983a377ded57976b8878c416a6938841c3452cbe48f28592f4183a9f2a871
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4dc6ffbd53d2571f276636e82404702e4db613dfe139a846a87057a9ecb77172
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5B115E32310210AFC614DF55E944B9B77A9AFC8B10F05855AF6189B281C775EC02CBA6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000030,?,00000001), ref: 0042BFFD
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000030,?,00000001), ref: 0042C016
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 0042C021
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 0042C034
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$ObjectStock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1309931672-0
                                                                                                                                                                                                                          • Opcode ID: 07fa2c52ef425e3fbdf17a3fbdec539d08b734858408eeec16ade84fabf52dac
                                                                                                                                                                                                                          • Instruction ID: 79acb8d1d28fa0730f2671d4a2d9be26f2112df72736882a6f51480f2498b402
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 07fa2c52ef425e3fbdf17a3fbdec539d08b734858408eeec16ade84fabf52dac
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: DA116D32310220ABDA14DF59E944F9BB7A9EF88B10F05451AF6059B281C7B5EC42CBE5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __EH_prolog.LIBCMT ref: 0049F408
                                                                                                                                                                                                                          • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,00000000,00000000,00000000,?,?,004BC3E0,?,?,0047A82A,?,0047B0E6,00000000), ref: 0049F478
                                                                                                                                                                                                                          • lstrcpynA.KERNEL32(?,00000000,?,?,?,004BC3E0,?,?,0047A82A,?,0047B0E6,00000000), ref: 0049F494
                                                                                                                                                                                                                          • LocalFree.KERNEL32(00000000,?,?,004BC3E0,?,?,0047A82A,?,0047B0E6,00000000), ref: 0049F49D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FormatFreeH_prologLocalMessagelstrcpyn
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1069405352-0
                                                                                                                                                                                                                          • Opcode ID: 3def864415f6d25df02dfec52cdc5301e1484788f5bbf91728df896bc268f821
                                                                                                                                                                                                                          • Instruction ID: c1e3592d19cfb515cc830f66db74e12d48923814a5ed1a9ad39d9ca5cbb90077
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3def864415f6d25df02dfec52cdc5301e1484788f5bbf91728df896bc268f821
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6C119A72500208EFEF21DFA4CC81AAF7FA8EB08764F10853AF955CA190D3759945CBA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTopWindow.USER32(?), ref: 004378AD
                                                                                                                                                                                                                            • Part of subcall function 004376E0: IsChild.USER32(?,?), ref: 0043775D
                                                                                                                                                                                                                            • Part of subcall function 004376E0: GetParent.USER32(?), ref: 00437777
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,000000F0,00000000,00000000), ref: 00437906
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,000000F1,00000000,00000000), ref: 00437916
                                                                                                                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 0043791B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSendWindow$ChildParent
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1043810220-0
                                                                                                                                                                                                                          • Opcode ID: a6a7a0ad820b1777b95dd14a3873d6a284ad9d8712ac3d6eae049e20d707297e
                                                                                                                                                                                                                          • Instruction ID: 218599b841cc9ec3d274d5f72184f5fda96a3f465a4c578f4f3d610d5bddd1e4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6a7a0ad820b1777b95dd14a3873d6a284ad9d8712ac3d6eae049e20d707297e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F701D4B138571237F23166299C56F6B724C9F0EB60F150266F750EB2D1DE58ED0091BD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 0045BC1B
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000083EB,?,00000000), ref: 0045BC45
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000083EC,?,00000000), ref: 0045BC59
                                                                                                                                                                                                                          • SendMessageA.USER32(?,000083E9,?,00000000), ref: 0045BC7C
                                                                                                                                                                                                                            • Part of subcall function 0049855B: GetDlgCtrlID.USER32(?), ref: 00498565
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$CtrlParent
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1383977212-0
                                                                                                                                                                                                                          • Opcode ID: c8373693680d6b33bdcea81fb298d7a2f95edfc7c1a09c59b60989ad528dc412
                                                                                                                                                                                                                          • Instruction ID: 66e93c3f21a7322bff7c76617fcb7066b9360db9daaf6737c1aed0d90deba339
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c8373693680d6b33bdcea81fb298d7a2f95edfc7c1a09c59b60989ad528dc412
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76018472200B047BD61166AD8CC6D2FB7ACEB85B15B01451EF90587282CF6CED0647AD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 004948B0
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(?,00000000), ref: 004948B6
                                                                                                                                                                                                                          • DuplicateHandle.KERNEL32(00000000), ref: 004948B9
                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 004948D3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentProcess$DuplicateErrorHandleLast
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3907606552-0
                                                                                                                                                                                                                          • Opcode ID: 8c951dcdacd5adcfdd185ef9e6ea606b76e1a97842f6bbd78a4edad71fc804b1
                                                                                                                                                                                                                          • Instruction ID: 6bd3f54b2a1d6af4cb1bc7d96dfbf454ffb6135a01b6750db497a336991004e9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c951dcdacd5adcfdd185ef9e6ea606b76e1a97842f6bbd78a4edad71fc804b1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A017135700204ABDF10EBAACD49F2A7FADAF84710F14407AFA08CB2C1EA64DC018764
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • WindowFromPoint.USER32(?,?), ref: 00492C4A
                                                                                                                                                                                                                          • GetParent.USER32(00000000), ref: 00492C57
                                                                                                                                                                                                                          • ScreenToClient.USER32(00000000,?), ref: 00492C78
                                                                                                                                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 00492C91
                                                                                                                                                                                                                            • Part of subcall function 0049B765: GetWindowLongA.USER32(00000000,000000F0), ref: 0049B776
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$ClientEnabledFromLongParentPointScreen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2204725058-0
                                                                                                                                                                                                                          • Opcode ID: 9dcd81581d482c5071b55c87baadf57dca2ae8b0f9321986388f940922b20cdf
                                                                                                                                                                                                                          • Instruction ID: b687b16adfc69dbf6b694e8dee420961f86298e93fd20b001dbd853d7b59c8aa
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9dcd81581d482c5071b55c87baadf57dca2ae8b0f9321986388f940922b20cdf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7601B53A600914BB8B015F589D04D6F7EADEF86740705407AF505D3314EB74CE009758
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(00000030,00000030,?,00000001), ref: 0047A2A1
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000030,?,00000001), ref: 0047A2B9
                                                                                                                                                                                                                          • GetStockObject.GDI32(00000011), ref: 0047A2C3
                                                                                                                                                                                                                          • SendMessageA.USER32(?,00000030,00000000,00000001), ref: 0047A2E3
                                                                                                                                                                                                                            • Part of subcall function 0042BF40: CreateFontIndirectA.GDI32 ref: 0042BF89
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$CreateFontIndirectObjectStock
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1613733799-0
                                                                                                                                                                                                                          • Opcode ID: cde28751f8acdeb548d833fb555fbfe44502346e055b5b67110fba0b9037f420
                                                                                                                                                                                                                          • Instruction ID: 159ab8520a0415a6d78811182494f552152c9ebe3d42098f1a6f92809c4d9a70
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: cde28751f8acdeb548d833fb555fbfe44502346e055b5b67110fba0b9037f420
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2101B136210310AFCB10DB94ED45FDB3BA8AF8C710F0A8499F6049B291C775EC42CB99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 0049723F
                                                                                                                                                                                                                          • GetTopWindow.USER32(00000000), ref: 00497252
                                                                                                                                                                                                                          • GetTopWindow.USER32(?), ref: 00497282
                                                                                                                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 0049729D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Item
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 369458955-0
                                                                                                                                                                                                                          • Opcode ID: bae8f90fc85e67afca86ce4d32be9d61bb38573cd0b50cc53d5feb49c8510511
                                                                                                                                                                                                                          • Instruction ID: eb284bc7495a8380e6da015bbb6d63d8d38df62bc9d24bf7d8fa137fe17fe939
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bae8f90fc85e67afca86ce4d32be9d61bb38573cd0b50cc53d5feb49c8510511
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7018B3213A615ABCF222F62CC05EAF3F68AF96764F0540B6FD0091251D739C9119BAE
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTopWindow.USER32(?), ref: 004972BB
                                                                                                                                                                                                                          • SendMessageA.USER32(00000000,?,?,?), ref: 004972F1
                                                                                                                                                                                                                          • GetTopWindow.USER32(00000000), ref: 004972FE
                                                                                                                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 0049731C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$MessageSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1496643700-0
                                                                                                                                                                                                                          • Opcode ID: ce13c5c50b27241fa0d88865d92e4f78939217473438d1953a9703fd4169ea81
                                                                                                                                                                                                                          • Instruction ID: 8b69929d19da41af25f8645c177b5e615d1c7f95b7cf80e3babf045433f460f8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ce13c5c50b27241fa0d88865d92e4f78939217473438d1953a9703fd4169ea81
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 76014C3202451ABBCF126F95DC09EDF3F69BF49354F044022FE1050161C73AC922EBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Item$EnableFocusMenuNextParent
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 988757621-0
                                                                                                                                                                                                                          • Opcode ID: 221790fa475fdf7a61a0c99694905eb319ed2893445aada30d8a3013c04f8aa6
                                                                                                                                                                                                                          • Instruction ID: 3c444f589eddda46cad7955ece23275daf7dc2833eaf619da0738427bdfd50a9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 221790fa475fdf7a61a0c99694905eb319ed2893445aada30d8a3013c04f8aa6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC117C311006009BCF289F28D829B6ABBB5EF41315F248A2EF142866A1CB78E8418B1C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004,?,?), ref: 0049C14F
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,?,?), ref: 0049C158
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 0049C174
                                                                                                                                                                                                                          • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 0049C18D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ClosePrivateProfileStringValueWritewsprintf
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1902064621-0
                                                                                                                                                                                                                          • Opcode ID: 324e5179436ee6cdd2b1de554f3653091f94164c639f77804f3582d68088c45f
                                                                                                                                                                                                                          • Instruction ID: 72cf3f7357b699a85c533d470400cf0341a892016b88bcb5cf7f0db4026c23c0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 324e5179436ee6cdd2b1de554f3653091f94164c639f77804f3582d68088c45f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 45016D32400219BBDF11AF64EC0AFAB3FA8AF09714F094436FA15A61A1D775D920CB98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetObjectA.GDI32(00000000,0000000C,?), ref: 004979DF
                                                                                                                                                                                                                          • SetBkColor.GDI32(00000000,00000000), ref: 004979EB
                                                                                                                                                                                                                          • GetSysColor.USER32(00000008), ref: 004979FB
                                                                                                                                                                                                                          • SetTextColor.GDI32(00000000,?), ref: 00497A05
                                                                                                                                                                                                                            • Part of subcall function 0049B765: GetWindowLongA.USER32(00000000,000000F0), ref: 0049B776
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Color$LongObjectTextWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2871169696-0
                                                                                                                                                                                                                          • Opcode ID: 92e777d803013529b6a1691f90f60943cb0c4864b0665741e8333730d534206c
                                                                                                                                                                                                                          • Instruction ID: 81cf341783841fe7412f0c8560a01f9c3fb7feaf044be55109d18e06109e5deb
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92e777d803013529b6a1691f90f60943cb0c4864b0665741e8333730d534206c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 13014B30118108ABEF219F64EC49EAF3F65EB05394F144932F902E52E0D735CA90DB6D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wsprintf
                                                                                                                                                                                                                          • String ID: %d.%d$gfff
                                                                                                                                                                                                                          • API String ID: 2111968516-3773932281
                                                                                                                                                                                                                          • Opcode ID: 9c1d42a6f47372285da47a8f87087cc80eb6150f4ae2f553b8d629dca3c18a43
                                                                                                                                                                                                                          • Instruction ID: e579c0c0c45b5a734bc76d4d0835166a9f6c646877d17e87393de44ff2a2a8dd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c1d42a6f47372285da47a8f87087cc80eb6150f4ae2f553b8d629dca3c18a43
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D7F0E07170020017C74C951EBC19F571A96ABD9711F09843FF449D7390D524DC51827E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindowExtEx.GDI32(?,0047D2C2,00000000,?,?,?,0047D2C2,?), ref: 0049ABAF
                                                                                                                                                                                                                          • GetViewportExtEx.GDI32(?,?,?,0047D2C2,?), ref: 0049ABBC
                                                                                                                                                                                                                          • MulDiv.KERNEL32(0047D2C2,00000000,00000000), ref: 0049ABE1
                                                                                                                                                                                                                          • MulDiv.KERNEL32(46892C46,00000000,00000000), ref: 0049ABFC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ViewportWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1589084482-0
                                                                                                                                                                                                                          • Opcode ID: 9158f16470104fcc877b53ee1457819fe69547787a8cc1e5ce758da18365de1a
                                                                                                                                                                                                                          • Instruction ID: f8b8983070312cfa7ef12a20792e525c6d532adba86e0b0e89033e656b951e7d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9158f16470104fcc877b53ee1457819fe69547787a8cc1e5ce758da18365de1a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0AF069B2400148FFEB007B61EC06CAEBFBDFF50320711082AF961A2170EB726D519B58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetWindowExtEx.GDI32(?,?,00000000,?,?,00000000,?,?), ref: 0049AC18
                                                                                                                                                                                                                          • GetViewportExtEx.GDI32(?,?), ref: 0049AC25
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,00000000,00000000), ref: 0049AC4A
                                                                                                                                                                                                                          • MulDiv.KERNEL32(?,00000000,00000000), ref: 0049AC65
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ViewportWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1589084482-0
                                                                                                                                                                                                                          • Opcode ID: a0e6e20e51f1f6315ce59d75a048bc7f1a734108458e6124699c343f457fb84a
                                                                                                                                                                                                                          • Instruction ID: 4426abf5b3816e65fac86daadd34e47b63f4861b6c41221aa07c6dc2e31a66d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a0e6e20e51f1f6315ce59d75a048bc7f1a734108458e6124699c343f457fb84a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A0F069B2400148FFEB007B61EC06CAEBFBDFF50320711082AF961A2170EB726D519B58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SysStringLen.OLEAUT32(?), ref: 0049F029
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?,004A0669,00000000), ref: 0049F041
                                                                                                                                                                                                                          • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 0049F049
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,00000000,?,?,?,004A0669,00000000), ref: 0049F05E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3384502665-0
                                                                                                                                                                                                                          • Opcode ID: d1c0264bde7e34d895c3308d65bb7c80d705153b5d673ebf420fdc65254d8c60
                                                                                                                                                                                                                          • Instruction ID: 5b50a1ad94853763eb9aebf30dd4bc3125d8877b6bf9c1f8050fe4ba84bc0e45
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d1c0264bde7e34d895c3308d65bb7c80d705153b5d673ebf420fdc65254d8c60
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1F01CB21062287F96205B67DC4CCEBBFDCEE8F2B5B02452AF94882101C6759801CBF5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTopWindow.USER32(75A51AC0), ref: 004796CD
                                                                                                                                                                                                                          • IsWindowVisible.USER32(00000000), ref: 004796E2
                                                                                                                                                                                                                          • GetTopWindow.USER32(00000000), ref: 004796ED
                                                                                                                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 00479708
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Visible
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3657826678-0
                                                                                                                                                                                                                          • Opcode ID: 5fbdd0a44e16e0dc54c4f1ece0ecf2083539a14a6b6bea9078d62b3cea3323d3
                                                                                                                                                                                                                          • Instruction ID: 7cdd680f85021340f25d1ea4466db3b6860050c33ce97beaf80ba7c9f09003bf
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5fbdd0a44e16e0dc54c4f1ece0ecf2083539a14a6b6bea9078d62b3cea3323d3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03F0A7326026217386216B6A6C85DDFB7DCAF86754B4A4526F90CE3241EF18ED0142FE
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetClientRect.USER32(?), ref: 0045B5CF
                                                                                                                                                                                                                          • PtInRect.USER32(?,?,?), ref: 0045B5E4
                                                                                                                                                                                                                            • Part of subcall function 0049862D: IsWindowEnabled.USER32(?), ref: 00498637
                                                                                                                                                                                                                            • Part of subcall function 0045BA00: UpdateWindow.USER32(00000002), ref: 0045BA1D
                                                                                                                                                                                                                          • GetCapture.USER32 ref: 0045B60C
                                                                                                                                                                                                                          • SetCapture.USER32(00000002), ref: 0045B617
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CaptureRectWindow$ClientEnabledUpdate
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2789096292-0
                                                                                                                                                                                                                          • Opcode ID: ecd823cbcd56d5349ff29fb59741e1ec898abe5f17625fae4b7a9bbbc8b3d71e
                                                                                                                                                                                                                          • Instruction ID: c05f1dceaa5324bfdad2d7da417aeffd6f0ff61d2f1ad13dda103e4cc589057c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ecd823cbcd56d5349ff29fb59741e1ec898abe5f17625fae4b7a9bbbc8b3d71e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9AF04F71604610AFD720AB25DC45A6FBBA8FF48705F08491EF842C2251DB78ED09879E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000001,00000000,00000000), ref: 00432AFA
                                                                                                                                                                                                                          • RegQueryValueA.ADVAPI32 ref: 00432B1E
                                                                                                                                                                                                                          • lstrcpyA.KERNEL32(?,00000000), ref: 00432B31
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 00432B3C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpenQueryValuelstrcpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 534897748-0
                                                                                                                                                                                                                          • Opcode ID: 1f04498db6be9c10a9d35a9aaba3cc1951e5dc9e562d47148e2f1c106b696c41
                                                                                                                                                                                                                          • Instruction ID: 8096a7e0066c89fdab28674583dde8835ac0ac9bb4b28576676deb7ee9d402c5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1f04498db6be9c10a9d35a9aaba3cc1951e5dc9e562d47148e2f1c106b696c41
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CCF04F75108302BFE320DF10DC88EABBBA8EBC5754F01891CB9C982290D670E844CBE6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 0049B85C
                                                                                                                                                                                                                          • GetWindowTextA.USER32(?,?,00000100), ref: 0049B878
                                                                                                                                                                                                                          • lstrcmpA.KERNEL32(?,?), ref: 0049B88C
                                                                                                                                                                                                                          • SetWindowTextA.USER32(?,?), ref: 0049B89C
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: TextWindow$lstrcmplstrlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 330964273-0
                                                                                                                                                                                                                          • Opcode ID: 9dfe67d3228443ed8febbff44dfc62f880c45b9579c24d8d596287cc29e55d2c
                                                                                                                                                                                                                          • Instruction ID: 0b405ab43bfc2c0280b28d7e03aa032dee1c4016492062157d6d8f28e64189a6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9dfe67d3228443ed8febbff44dfc62f880c45b9579c24d8d596287cc29e55d2c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 05F08C32400118BBCF22AF20EC48ADE3FADFB08390F098071F859D1260E775CE948B98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 0049F307
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 0049F314
                                                                                                                                                                                                                          • CoFreeUnusedLibraries.OLE32 ref: 0049F323
                                                                                                                                                                                                                          • GetTickCount.KERNEL32 ref: 0049F329
                                                                                                                                                                                                                            • Part of subcall function 0049F28A: CoFreeUnusedLibraries.OLE32 ref: 0049F2D2
                                                                                                                                                                                                                            • Part of subcall function 0049F28A: OleUninitialize.OLE32 ref: 0049F2D8
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 685759847-0
                                                                                                                                                                                                                          • Opcode ID: f8f5498aee3617a2cc27ce0e477658853460384639b7aba2c637cce1471f0b79
                                                                                                                                                                                                                          • Instruction ID: d70e17890a6a41cc7a472d1426ea7a728b2d9fc448438ce9c20558e8c6cb43af
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8f5498aee3617a2cc27ce0e477658853460384639b7aba2c637cce1471f0b79
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 84E09A30815211FFCB60BBA0ED48B2BBFA4EB82315F244477E84482220C77C0859DFAE
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: H_prolog
                                                                                                                                                                                                                          • String ID: 4$?K
                                                                                                                                                                                                                          • API String ID: 3519838083-3334391994
                                                                                                                                                                                                                          • Opcode ID: f8126dff0cd61ff971a05683bcd6f4cd89b3f04e0b71a5b1a9946f78e78e43ec
                                                                                                                                                                                                                          • Instruction ID: 2d64eb7e447f4c71ae0f0bb825348f3df1932ba9d9b84020f9b24876c7546853
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f8126dff0cd61ff971a05683bcd6f4cd89b3f04e0b71a5b1a9946f78e78e43ec
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 99918071900209DFCF15CF98C844BEEBBB4FF44314F2481AAE819AB251C779EA45CBA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • __startOneArgErrorHandling.LIBCMT ref: 00482C22
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorHandling__start
                                                                                                                                                                                                                          • String ID: pow
                                                                                                                                                                                                                          • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                          • Opcode ID: 1947564eb3c1246d4c945d8b4e1e2a5be1e8300371710b8e1b8fa8d60bf6a597
                                                                                                                                                                                                                          • Instruction ID: d3024dd0fc8c2eaaf9b75402276a3f9b07179a1b899c24e79d6ee38f7abf9384
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1947564eb3c1246d4c945d8b4e1e2a5be1e8300371710b8e1b8fa8d60bf6a597
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC512670A0920696CB257B19CA4137F7BD4AB60750F608D6FE486423E9EF7C8C85974E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CopyRect.USER32(?,00000000), ref: 00457090
                                                                                                                                                                                                                          • IsRectEmpty.USER32(?), ref: 0045709B
                                                                                                                                                                                                                            • Part of subcall function 00454180: CreateFontIndirectA.GDI32(?), ref: 004542AC
                                                                                                                                                                                                                            • Part of subcall function 004636E0: CreateSolidBrush.GDI32(?), ref: 0046376A
                                                                                                                                                                                                                            • Part of subcall function 004636E0: SendMessageA.USER32(?,00000030,00000000,00000000), ref: 004637AE
                                                                                                                                                                                                                            • Part of subcall function 004636E0: SendMessageA.USER32(?,000000B1,?,000000FF), ref: 004637E4
                                                                                                                                                                                                                            • Part of subcall function 004636E0: SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 004637F3
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$CreateRect$BrushCopyEmptyFontIndirectSolid
                                                                                                                                                                                                                          • String ID: 4#K
                                                                                                                                                                                                                          • API String ID: 4199050670-2206497575
                                                                                                                                                                                                                          • Opcode ID: df8b2afe0c2eec8096b5fc945a8a4768067db32364526fc4b05d11d88a80f803
                                                                                                                                                                                                                          • Instruction ID: d593917a6abf5d23bdd08ccbba671369ce626ef80074120d177c6eba9be86510
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: df8b2afe0c2eec8096b5fc945a8a4768067db32364526fc4b05d11d88a80f803
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 786197712087419FD714DF25C841B6BB7E9BBD4709F00492EF98683382EB79E9098766
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0043B9C0: GetCurrentThreadId.KERNEL32 ref: 0043B9E3
                                                                                                                                                                                                                            • Part of subcall function 0043B9C0: IsWindow.USER32(000203FE), ref: 0043B9FF
                                                                                                                                                                                                                            • Part of subcall function 0043B9C0: SendMessageA.USER32(000203FE,000083E7,?,00000000), ref: 0043BA18
                                                                                                                                                                                                                            • Part of subcall function 0043B9C0: ExitProcess.KERNEL32 ref: 0043BA2D
                                                                                                                                                                                                                          • DeleteCriticalSection.KERNEL32(004DC5B0,?,?,?,?,?,?,?,?,00442E8D), ref: 004381CA
                                                                                                                                                                                                                            • Part of subcall function 00496258: __EH_prolog.LIBCMT ref: 0049625D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalCurrentDeleteExitH_prologMessageProcessSectionSendThreadWindow
                                                                                                                                                                                                                          • String ID: !$#
                                                                                                                                                                                                                          • API String ID: 2888814780-2504090897
                                                                                                                                                                                                                          • Opcode ID: a6b6025743b6f8611f859ef6ffd20acc1acf38d862ddfa70783c6e89b7c07f7e
                                                                                                                                                                                                                          • Instruction ID: f2dfbfdf041ab57c4ef5c38e84a19bf762550b518e6d3db9cec34c56dc61144a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a6b6025743b6f8611f859ef6ffd20acc1acf38d862ddfa70783c6e89b7c07f7e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C1914D701187818AD312EF79C48579ABFD4EFB6308F54485EE49607393DBB86248C7E6
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 0-3916222277
                                                                                                                                                                                                                          • Opcode ID: 842a74b5b47f2abca1e97ebb72af84d18338920b0e4e353a0dc0a5f38383a2f9
                                                                                                                                                                                                                          • Instruction ID: 7c24c9f8d7b95fc5f7266bc979f813388783612fa27dcf7d7009950fb97508f9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 842a74b5b47f2abca1e97ebb72af84d18338920b0e4e353a0dc0a5f38383a2f9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 465191712043519BE718DF66C891A6BB7E8FF95318F000A2EF94293391D738E945CB96
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Info
                                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                                          • API String ID: 1807457897-3032137957
                                                                                                                                                                                                                          • Opcode ID: 260b15b4b438e88c9ba58ee03da9906b58774ab5761c45b4b8c85e15602a9e58
                                                                                                                                                                                                                          • Instruction ID: 5b5e36a5efed0d0954c61077ffb5635f7bb7fd2c0b0b7b56e40fb0f8334c2709
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 260b15b4b438e88c9ba58ee03da9906b58774ab5761c45b4b8c85e15602a9e58
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1F4148314082585EEB12A754CD69BFF3FA9DB07700F2408E6DE45C6193C3698A58DBAF
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • IsChild.USER32(?,?), ref: 004824D1
                                                                                                                                                                                                                          • GetWindowLongA.USER32(?,000000EC), ref: 004824E8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ChildLongWindow
                                                                                                                                                                                                                          • String ID: 0
                                                                                                                                                                                                                          • API String ID: 1178903432-4108050209
                                                                                                                                                                                                                          • Opcode ID: 58ddf5ab56a739d3224bc6d20382b8c24a36adda3f0f81eebcb0e97639392e46
                                                                                                                                                                                                                          • Instruction ID: 13d3bb4d737c7b1368a4c2d8884991513114b3fed44a30a5160fa19543151cb2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58ddf5ab56a739d3224bc6d20382b8c24a36adda3f0f81eebcb0e97639392e46
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4521E5711413157ADB22B6259F61B6F665C9F45B58F240D1BFC05A2282DAFCCE42833C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 0-3916222277
                                                                                                                                                                                                                          • Opcode ID: d5c0da62272224300aa8145c5b2b2bfad5a6d1023c662b187e95920d0c378ac2
                                                                                                                                                                                                                          • Instruction ID: f50bcb0ba10fd1cf53bd24ede9a32505acb20c3e1816f7799f31b222acb2ac62
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d5c0da62272224300aa8145c5b2b2bfad5a6d1023c662b187e95920d0c378ac2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8D318C716083409FD724DF24C844B6BB7F4FB95728F044A2EF89693290D738A909CB9A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0049EFB3: LeaveCriticalSection.KERNEL32(0043B1CC,0049E28C,00000010,00000010,0043B1CC,00000100,00000000,?,?,0049DC5C,0049DCBF,0049D53B,00499B97,00000100,00499B30,00000000), ref: 0049EFCB
                                                                                                                                                                                                                            • Part of subcall function 00485B2C: RaiseException.KERNEL32(004BAE78,?,?,0049E22F,00000000,00000000,004BAE78,?,?,0049DDA5,?,0049E22F,004FB4FC), ref: 00485B5A
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 00496841
                                                                                                                                                                                                                          • wsprintfA.USER32 ref: 0049685D
                                                                                                                                                                                                                          • GetClassInfoA.USER32(?,-00000058,?), ref: 0049686C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wsprintf$ClassCriticalExceptionInfoLeaveRaiseSection
                                                                                                                                                                                                                          • String ID: Afx:%x:%x
                                                                                                                                                                                                                          • API String ID: 2529146597-2071556601
                                                                                                                                                                                                                          • Opcode ID: 304b165a45a12de3347e5e323abdd2ca9c9e14f6c588d586edf3708297a17f4c
                                                                                                                                                                                                                          • Instruction ID: 42ec0f646c63e861fa5c1ab95820e9eccd648bac5fb194cbe46e4e9f19b97b1d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 304b165a45a12de3347e5e323abdd2ca9c9e14f6c588d586edf3708297a17f4c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 42111D71901209AFDF10EFA999819DFBFB8EF19754B05403BE904A3201E7789940CBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00492771: SendMessageA.USER32(00001111,00001111,00000000,?), ref: 00492791
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110B,00000009,00000000), ref: 00475B14
                                                                                                                                                                                                                          • IsWindow.USER32(?), ref: 00475B1B
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Window
                                                                                                                                                                                                                          • String ID: F
                                                                                                                                                                                                                          • API String ID: 2326795674-1304234792
                                                                                                                                                                                                                          • Opcode ID: 723459a8fa456d293924dd0d281e4e55499d002220e1c3b40a086790debbe2cf
                                                                                                                                                                                                                          • Instruction ID: 0065f8167f334cc0fe618d084f2f7ffcdb36e7862e444b3f92656bc364546538
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 723459a8fa456d293924dd0d281e4e55499d002220e1c3b40a086790debbe2cf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41019271508700AFE310DF14C984BABBBF8BFC8B04F44491DF54996280D7F4A8048B9A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateFontIndirectA.GDI32(00000000), ref: 00451682
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateFontIndirect
                                                                                                                                                                                                                          • String ID: ($x?L
                                                                                                                                                                                                                          • API String ID: 3720817429-1704310238
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000100C,000000FF,00000001), ref: 00478836
                                                                                                                                                                                                                          • PostMessageA.USER32(?,00000401,00000000,00000000), ref: 0047884C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$PostSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2264170824-3916222277
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00475E23
                                                                                                                                                                                                                          • PostMessageA.USER32(?,00000401,00000000,00000000), ref: 00475E39
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Message$PostSend
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2264170824-3916222277
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wsprintf
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2111968516-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(?), ref: 0049E12A
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(?,?), ref: 0049E13A
                                                                                                                                                                                                                          • LocalFree.KERNEL32(?), ref: 0049E143
                                                                                                                                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 0049E159
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2949335588-0
                                                                                                                                                                                                                          • Opcode ID: c1e4bb5abe587199fd7954d036914066515cbe1375ccd31a2dcbb1f2d7882cb9
                                                                                                                                                                                                                          • Instruction ID: 2bbd391dc4db89d824528a0111f7bdf476e00aeda4c34d43ade1cdeffae7f9bc
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c1e4bb5abe587199fd7954d036914066515cbe1375ccd31a2dcbb1f2d7882cb9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 80219A31200200EFCB24CF56C84AF6A7BB4FF45752F04807EE9428B2A2C7B5E841CB54
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • HeapReAlloc.KERNEL32(00000000,00000050,00000000,00000000,0048BFE2,00000000,?,0043B1CC,004843A3,?,00000000,00000000,0043B1CC), ref: 0048C242
                                                                                                                                                                                                                          • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,0048BFE2,00000000,?,0043B1CC,004843A3,?,00000000,00000000,0043B1CC), ref: 0048C276
                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 0048C290
                                                                                                                                                                                                                          • HeapFree.KERNEL32(00000000,?), ref: 0048C2A7
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AllocHeap$FreeVirtual
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3499195154-0
                                                                                                                                                                                                                          • Opcode ID: b16fbd1ff32b0683a540a8d41612da189da0cde74d620e917d753eb5dd8f2acf
                                                                                                                                                                                                                          • Instruction ID: 6c276b31497488818bfb4280d04d1e21e4b8ea8488d53c2c6e50829f37904a88
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b16fbd1ff32b0683a540a8d41612da189da0cde74d620e917d753eb5dd8f2acf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 72118F352003809FC7219F58EC859377BB5FB9A310B514A6EE261C62F0CF719822DB98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(004FB6D8,?,00000000,?,00000000,0049E275,00000010,0043B1CC,00000100,00000000,?,?,0049DC5C,0049DCBF,0049D53B,00499B97), ref: 0049EF7E
                                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,00000000,0049E275,00000010,0043B1CC,00000100,00000000,?,?,0049DC5C,0049DCBF,0049D53B,00499B97), ref: 0049EF90
                                                                                                                                                                                                                          • LeaveCriticalSection.KERNEL32(004FB6D8,?,00000000,?,00000000,0049E275,00000010,0043B1CC,00000100,00000000,?,?,0049DC5C,0049DCBF,0049D53B,00499B97), ref: 0049EF99
                                                                                                                                                                                                                          • EnterCriticalSection.KERNEL32(00000000,00000000,?,00000000,0049E275,00000010,0043B1CC,00000100,00000000,?,?,0049DC5C,0049DCBF,0049D53B,00499B97,00000100), ref: 0049EFAB
                                                                                                                                                                                                                            • Part of subcall function 0049EEB0: GetVersion.KERNEL32(?,0049EF53,00000000,0049E275,00000010,0043B1CC,00000100,00000000,?,?,0049DC5C,0049DCBF,0049D53B,00499B97,00000100,00499B30), ref: 0049EEC3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalSection$Enter$InitializeLeaveVersion
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1193629340-0
                                                                                                                                                                                                                          • Opcode ID: ba6105ab4c58377ab1d5fe4d0f65a3b7e616629aa4f288cfb98daa4bf7ac3bef
                                                                                                                                                                                                                          • Instruction ID: 26392ca4e970dae7d2403543d47ec860ab6de2b309beed2ed3fa594396ce34f2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba6105ab4c58377ab1d5fe4d0f65a3b7e616629aa4f288cfb98daa4bf7ac3bef
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D8F03C3200021AEFDB10EF56EC84966BBADFB52316B010437E64583525E734E465DAAD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(?,00487EAC), ref: 0048A878
                                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(?,00487EAC), ref: 0048A880
                                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(?,00487EAC), ref: 0048A888
                                                                                                                                                                                                                          • InitializeCriticalSection.KERNEL32(?,00487EAC), ref: 0048A890
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000001.00000002.3191934885.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                          • Snapshot File: hcaresult_1_2_400000_SecuriteInfo.jbxd
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CriticalInitializeSection
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 32694325-0
                                                                                                                                                                                                                          • Opcode ID: 1e5741acb162fea7d0041d5cd27cd7ba2c8f4c4e6f5c9a86dd6dbcc6d7ba564c
                                                                                                                                                                                                                          • Instruction ID: ef3645364f995487a57d56d151ad8c0f5507331bc645384930bb351699e9382c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e5741acb162fea7d0041d5cd27cd7ba2c8f4c4e6f5c9a86dd6dbcc6d7ba564c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 91C00232901038ABCE927B65FE86D8A3F66EB072A03050072E10C528308AA21C60EFC8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%